// If any file inside the archive uses a non-local name
// (as defined by [filepath.IsLocal]) or a name containing backslashes
// and the GODEBUG environment variable contains `zipinsecurepath=0`,
// NewReader returns the reader with an [ErrInsecurePath] error.
This seems like a nice addition to make rwp more secure. There's no proven reason why this would turn into a security issue with the current code, but I think this is always a good addition when it comes to potential ZIP exploits.
The only downside is enabling it requires a hacky setting of the environment variables
From the archive/zip docs:
This seems like a nice addition to make
rwpmore secure. There's no proven reason why this would turn into a security issue with the current code, but I think this is always a good addition when it comes to potential ZIP exploits. The only downside is enabling it requires a hacky setting of the environment variables