github.com/projecteru2/core@v0.0.0-20240321043226-06bcc1c23f58/source/common/helper.go (about)

     1  package common
     2  
     3  import (
     4  	"archive/zip"
     5  	"bytes"
     6  	"io"
     7  	"os"
     8  	"path/filepath"
     9  )
    10  
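    // unzipFile extracts the zip archive read from body (for example an HTTP
    // response body) into the directory path.
    //
    // Entry names come from the archive and are treated as untrusted: an entry
    // whose cleaned destination would fall outside path (the "zip slip" pattern
    // gosec reports as G305) is rejected with an *os.PathError wrapping
    // os.ErrInvalid before anything is written for it. Entries extracted before
    // the failing one are left on disk.
    //
    // NOTE(review): neither the archive size nor the decompressed size is bounded
    // here (gosec G110). The whole body is buffered in memory because
    // zip.NewReader needs an io.ReaderAt, so callers handling untrusted input
    // should cap body (e.g. with io.LimitReader) and the space available under
    // path.
    func unzipFile(body io.Reader, path string) error {
    	content, err := io.ReadAll(body)
    	if err != nil {
    		return err
    	}

    	reader, err := zip.NewReader(bytes.NewReader(content), int64(len(content)))
    	if err != nil {
    		return err
    	}

    	for _, f := range reader.File {
    		p, err := unzipTarget(path, f.Name)
    		if err != nil {
    			return err
    		}

    		if f.FileInfo().IsDir() {
    			if err := os.MkdirAll(p, f.Mode()); err != nil {
    				return err
    			}
    			continue
    		}

    		// Archives are not required to carry explicit directory entries, so
    		// make sure the parent exists before creating the file.
    		if err := os.MkdirAll(filepath.Dir(p), 0755); err != nil {
    			return err
    		}
    		if err := extractZipEntry(f, p); err != nil {
    			return err
    		}
    	}
    	return nil
    }

    // unzipTarget joins an archive entry name onto root and returns the result
    // only if it still lies inside root. The check is lexical: it does not resolve
    // symlinks that may already exist under root.
    func unzipTarget(root, name string) (string, error) {
    	p := filepath.Join(root, name)
    	rel, err := filepath.Rel(root, p)
    	// rel is cleaned by filepath.Rel, so an escape can only show up as ".."
    	// itself or as a leading "../" component.
    	if err != nil || rel == ".." || (len(rel) > 2 && rel[:3] == ".."+string(filepath.Separator)) {
    		return "", &os.PathError{Op: "unzip", Path: name, Err: os.ErrInvalid}
    	}
    	return p, nil
    }

    // extractZipEntry writes the contents of one regular archive entry to dst.
    // Both handles are closed before returning, so a large archive does not keep
    // one descriptor open per entry, and a failed Close on the output file is
    // reported instead of being dropped.
    func extractZipEntry(f *zip.File, dst string) (err error) {
    	zipped, err := f.Open()
    	if err != nil {
    		return err
    	}
    	defer zipped.Close()

    	// O_TRUNC: without it, overwriting a longer existing file would leave the
    	// tail of the old content behind the extracted data.
    	writer, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
    	if err != nil {
    		return err
    	}
    	defer func() {
    		if cerr := writer.Close(); err == nil {
    			err = cerr
    		}
    	}()

    	// G110: the copy is not size-limited; see the note on unzipFile.
    	_, err = io.Copy(writer, zipped) //nolint
    	return err
    }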