authorDamien Neil <dneil@google.com>2022-11-21 11:32:39 -0800
committerDamien Neil <dneil@google.com>2022-11-21 21:14:38 +0000
commit85a2c19b328081c3fbcd1fa3db9a56d708a25c68 (patch)
tree64a79901e3237069743bf38998d2485d2c651803 /src/archive/tar/reader_test.go
parentf60c77026bb47db984c5da7e6f0590010e7e1a6f (diff)
archive/tar, archive/zip: disable insecure file name checks with GODEBUG
Add GODEBUG=tarinsecurepath=1 and GODEBUG=zipinsecurepath=1 settings to disable file name validation. For #55356. Change-Id: Iaacdc629189493e7ea3537a81660215a59dd40a4 Reviewed-on: https://go-review.googlesource.com/c/go/+/452495 Reviewed-by: Bryan Mills <bcmills@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Russ Cox <rsc@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com>
Diffstat (limited to 'src/archive/tar/reader_test.go')
-rw-r--r--src/archive/tar/reader_test.go20
1 files changed, 20 insertions, 0 deletions
diff --git a/src/archive/tar/reader_test.go b/src/archive/tar/reader_test.go
index 91dc1650e2..7e0462c3f8 100644
--- a/src/archive/tar/reader_test.go
+++ b/src/archive/tar/reader_test.go
@@ -1617,6 +1617,7 @@ func TestFileReader(t *testing.T) {
}
func TestInsecurePaths(t *testing.T) {
+ t.Setenv("GODEBUG", "tarinsecurepath=0")
for _, path := range []string{
"../foo",
"/foo",
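Review bot: The added `t.Setenv("GODEBUG", "tarinsecurepath=0")` at the top of TestInsecurePaths has no comment, and the setting reads inverted: per the commit description `=1` disables file name validation, so `=0` is the value that keeps the check active. A one-line comment such as `// Force the insecure-path check on, independent of the ambient GODEBUG.` would make the intent clear. t.Setenv also replaces the whole GODEBUG value for the duration of the test, and a test that uses it cannot call t.Parallel. The body of TestInsecurePaths continues outside this hunk.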
@@ -1652,3 +1653,22 @@ func TestInsecurePaths(t *testing.T) {
}
}
}
+
+func TestDisableInsecurePathCheck(t *testing.T) {
+ t.Setenv("GODEBUG", "tarinsecurepath=1")
+ var buf bytes.Buffer
+ tw := NewWriter(&buf)
+ const name = "/foo"
+ tw.WriteHeader(&Header{
+ Name: name,
+ })
+ tw.Close()
+ tr := NewReader(&buf)
+ h, err := tr.Next()
+ if err != nil {
+ t.Fatalf("tr.Next with tarinsecurepath=1: got err %v, want nil", err)
+ }
+ if h.Name != name {
+ t.Fatalf("tr.Next with tarinsecurepath=1: got name %q, want %q", h.Name, name)
+ }
+}
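Review bot: In TestDisableInsecurePathCheck the results of `tw.WriteHeader(...)` and `tw.Close()` are discarded, so a failure while building the archive would surface as a misleading `tr.Next` error. Check both, e.g. `if err := tw.WriteHeader(&Header{Name: name}); err != nil { t.Fatal(err) }` and `if err := tw.Close(); err != nil { t.Fatal(err) }`. The test also exercises only the absolute path `/foo`, leaving the `../foo` traversal form listed in TestInsecurePaths uncovered when the check is disabled; iterating over the same names would pin the opt-out for both. A doc comment saying that with `tarinsecurepath=1` the reader hands back names unvalidated, so callers have to validate them before extraction, would record the security consequence under test.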