diff options
author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2023-01-31 11:45:59 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2023-01-31 11:45:59 +0000 |
commit | 637146034ce2a23df46d90b8e0b77d75553fdbb9 (patch) | |
tree | 7c6244459250fc610480d52bc0231f411d0547c4 /lib/safe_zip/entry.rb | |
parent | c3e54801bb461b6d53c48e3194f87cb5ebf3f5ba (diff) | |
parent | 383efe57adfb30756ce6ce0d3f47c32a33c2ca85 (diff) | |
download | gitlab-ce-637146034ce2a23df46d90b8e0b77d75553fdbb9.tar.gz |
Merge remote-tracking branch 'dev/15-8-stable' into 15-8-stable
Diffstat (limited to 'lib/safe_zip/entry.rb')
-rw-r--r-- | lib/safe_zip/entry.rb | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/safe_zip/entry.rb b/lib/safe_zip/entry.rb index 52d70e83154..88647b9b1eb 100644 --- a/lib/safe_zip/entry.rb +++ b/lib/safe_zip/entry.rb @@ -25,8 +25,8 @@ module SafeZip end def extract - # do not extract if file is not part of target directory - return false unless matching_target_directory + # do not extract if file is not part of target directory or target file + return false unless matching_target_directory || matching_target_file # do not overwrite existing file raise SafeZip::Extract::AlreadyExistsError, "File already exists #{zip_entry.name}" if exist? @@ -44,6 +44,8 @@ module SafeZip end rescue SafeZip::Extract::Error raise + rescue Zip::EntrySizeError => e + raise SafeZip::Extract::EntrySizeError, e.message rescue StandardError => e raise SafeZip::Extract::ExtractError, e.message end @@ -84,6 +86,10 @@ module SafeZip params.matching_target_directory(path) end + def matching_target_file + params.matching_target_file(path) + end + def read_symlink zip_archive.read(zip_entry) end |