1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
bundle principal
import (
"archive/zip"
"fmt"
"io"
"log"
"os"
"path/filepath"
"strings"
)
func unzipSource(supply, vacation spot string) error {
// 1. Open the zip file
reader, err := zip.OpenReader(supply)
if err != nil {
return err
}
defer reader.Shut()
// 2. Get absolutely the vacation spot path
vacation spot, err = filepath.Abs(vacation spot)
if err != nil {
return err
}
// 3. Iterate over zip recordsdata contained in the archive and unzip every of them
for _, f := vary reader.File {
err := unzipFile(f, vacation spot)
if err != nil {
return err
}
}
return nil
}
func unzipFile(f *zip.File, vacation spot string) error {
// 4. Test if file paths are usually not weak to Zip Slip
filePath := filepath.Be a part of(vacation spot, f.Title)
if !strings.HasPrefix(filePath, filepath.Clear(vacation spot)+string(os.PathSeparator)) {
return fmt.Errorf("invalid file path: %s", filePath)
}
// 5. Create listing tree
if f.FileInfo().IsDir() {
if err := os.MkdirAll(filePath, os.ModePerm); err != nil {
return err
}
return nil
}
if err := os.MkdirAll(filepath.Dir(filePath), os.ModePerm); err != nil {
return err
}
// 6. Create a vacation spot file for unzipped content material
destinationFile, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
if err != nil {
return err
}
defer destinationFile.Shut()
// 7. Unzip the content material of a file and duplicate it to the vacation spot file
zippedFile, err := f.Open()
if err != nil {
return err
}
defer zippedFile.Shut()
if _, err := io.Copy(destinationFile, zippedFile); err != nil {
return err
}
return nil
}
func principal() {
err := unzipSource("testFolder.zip", "")
if err != nil {
log.Deadly(err)
}
}