ziputil

package
v0.72.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 12, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// MaxExtractedFileSize sets a limit to prevent decompression bombs (default: 1GB)
	MaxExtractedFileSize = 1 << 30
)

Variables

This section is empty.

Functions

func FindUnsafeZipPaths 

func FindUnsafeZipPaths(zr *zip.Reader) ([]string, error)

FindUnsafeZipPaths scans all entries in a zip.Reader and returns a slice of unsafe paths. Unsafe paths include:

  • directory traversal (../ or ..\)
  • absolute paths (/foo, C:\foo)
  • drive letters
  • null-byte injection

Returns a non-nil error if any unsafe paths are detected.

func SecureUnzip 

func SecureUnzip(zr *zip.Reader, dest string) error

SecureUnzip extracts all files from a zip.Reader to the destination directory. It uses FindUnsafeZipPaths to prevent directory traversal or unsafe paths.

func StreamScanZipPaths 

func StreamScanZipPaths(r io.Reader) ([]string, error)

StreamScanZipPaths streams a ZIP from io.Reader to a temp file and validates it using FindUnsafeZipPaths.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.