ExtractZip extracts the contents of a zip archive to destDir. Files that would result in path traversal are silently skipped. Files that would produce any other error cause the extraction to be aborted, and the error is returned.
(zr *zip.Reader, destDir safepaths.Absolute)
| 22 | // Files that would produce any other error cause the extraction to be aborted, |
| 23 | // and the error is returned. |
| 24 | func ExtractZip(zr *zip.Reader, destDir safepaths.Absolute) error { |
| 25 | for _, zf := range zr.File { |
| 26 | fpath, err := destDir.Join(zf.Name) |
| 27 | if err != nil { |
| 28 | var pathTraversalError safepaths.PathTraversalError |
| 29 | if errors.As(err, &pathTraversalError) { |
| 30 | continue |
| 31 | } |
| 32 | return err |
| 33 | } |
| 34 | |
| 35 | if err := extractZipFile(zf, fpath); err != nil { |
| 36 | return fmt.Errorf("error extracting %q: %w", zf.Name, err) |
| 37 | } |
| 38 | } |
| 39 | return nil |
| 40 | } |
| 41 | |
| 42 | func extractZipFile(zf *zip.File, dest safepaths.Absolute) (extractErr error) { |
| 43 | zm := zf.Mode() |