Closed svrooij closed 1 month ago
Fixes #116
Fix the arbitrary file access during archive extraction (Zip Slip) vulnerability.
src/Winget.CommunityRepository.Ef/WingetRepositoryWithEf.cs
ExtractToDirectory
LoadEntriesFromSqlLite
src/WingetIntune/Implementations/DefaultFileManager.cs
ExtractFileToFolder
ExtractFileToFolderAsync
For more details, open the Copilot Workspace session.
28 tests ±0 28 :white_check_mark: ±0 1s :stopwatch: ±0s 10 suites ±0 0 :zzz: ±0 1 files ±0 0 :x: ±0
Results for commit 5235db37. ± Comparison against base commit 401c934b.
Fixes #116
Fix the arbitrary file access during archive extraction (Zip Slip) vulnerability.
src/Winget.CommunityRepository.Ef/WingetRepositoryWithEf.cs
ExtractToDirectory
method to validate file paths during extraction.LoadEntriesFromSqlLite
method to use the newExtractToDirectory
method.src/WingetIntune/Implementations/DefaultFileManager.cs
ExtractFileToFolder
method.ExtractFileToFolderAsync
method to validate file paths during extraction.For more details, open the Copilot Workspace session.