actions/cargo-binstall
1
0
Fork 0
mirror of https://github.com/cargo-bins/cargo-binstall.git synced 2025-04-24 14:28:42 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix extract_tar_based_stream: Normalize path before adding them to ExtractedFiles (#901)

Browse source 
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
This commit is contained in:
Jiahao XU 2023-03-13 21:27:50 +11:00 committed by GitHub
parent e89b8e2463
commit 89a47cbec9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

23
crates/binstalk-downloader/src/download/async_extracter.rs
View file

@ -3,7 +3,7 @@ use std::{
fs,
future::Future,
io::{self, Write},
path::Path,
path::{Component, Path, PathBuf},
};
use async_zip::read::stream::ZipFileReader;
@ -110,7 +110,26 @@ where
// unpack_in returns false if the path contains ".."
// and is skipped.
if entry.unpack_in(dst)? {
extracted_files.add_file(&entry.path()?);
let path = entry.path()?;
// create normalized_path in the same way
// tar::Entry::unpack_in would normalize the path.
let mut normalized_path = PathBuf::new();
for part in path.components() {
match part {
Component::Prefix(..) | Component::RootDir | Component::CurDir => {
continue
}
// unpack_in would return false if this happens.
Component::ParentDir => unreachable!(),
Component::Normal(part) => normalized_path.push(part),
}
}
extracted_files.add_file(&normalized_path);
}
}
tar::EntryType::Directory => {