diff --git a/crates/binstalk-downloader/src/download/async_extracter.rs b/crates/binstalk-downloader/src/download/async_extracter.rs index 6c6b6905..c04675a2 100644 --- a/crates/binstalk-downloader/src/download/async_extracter.rs +++ b/crates/binstalk-downloader/src/download/async_extracter.rs @@ -3,7 +3,7 @@ use std::{ fs, future::Future, io::{self, Write}, - path::Path, + path::{Component, Path, PathBuf}, }; use async_zip::read::stream::ZipFileReader; @@ -110,7 +110,26 @@ where // unpack_in returns false if the path contains ".." // and is skipped. if entry.unpack_in(dst)? { - extracted_files.add_file(&entry.path()?); + let path = entry.path()?; + + // create normalized_path in the same way + // tar::Entry::unpack_in would normalize the path. + let mut normalized_path = PathBuf::new(); + + for part in path.components() { + match part { + Component::Prefix(..) | Component::RootDir | Component::CurDir => { + continue + } + + // unpack_in would return false if this happens. + Component::ParentDir => unreachable!(), + + Component::Normal(part) => normalized_path.push(part), + } + } + + extracted_files.add_file(&normalized_path); } } tar::EntryType::Directory => { diff --git a/crates/binstalk/src/ops/resolve.rs b/crates/binstalk/src/ops/resolve.rs index 3cb20d95..8b378902 100644 --- a/crates/binstalk/src/ops/resolve.rs +++ b/crates/binstalk/src/ops/resolve.rs @@ -202,6 +202,8 @@ async fn download_extract_and_verify( // If that fails, then ignore this fetcher. let extracted_files = fetcher.fetch_and_extract(bin_path).await?; + debug!("extracted_files = {extracted_files:#?}"); + // Build final metadata let meta = fetcher.target_meta();