1
0
mirror of https://github.com/golang/go synced 2024-11-17 10:04:43 -07:00
go/api/next
Damien Neil a2d8157a7e archive/tar, archive/zip: return ErrInsecurePath for unsafe paths
Return a distinguishable error when reading an archive file
with a path that is:

	- absolute
	- escapes the current directory (../a)
	- on Windows, a reserved name such as NUL

Users may ignore this error and proceed if they do not need name
sanitization or intend to perform it themselves.

Fixes #25849
Fixes #55356

Change-Id: Ieefa163f00384bc285ab329ea21a6561d39d8096
Reviewed-on: https://go-review.googlesource.com/c/go/+/449937
Reviewed-by: Joseph Tsai <joetsai@digital-static.net>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
2022-11-16 23:36:48 +00:00
..
19974.txt crypto: allow hash.Hash for OAEP and MGF1 to be specified independently 2022-11-09 23:51:34 +00:00
31804.txt crypto/ed25519: implement Ed25519ph in Sign and VerifyWithOptions 2022-10-24 12:11:20 +00:00
41773.txt net/http: add Server.DisableOptionsHandler for custom handling of OPTIONS * 2022-08-15 18:57:35 +00:00
42537.txt cmd/api: make check pickier about api/*.txt 2022-11-02 19:08:10 +00:00
43620.txt cmd/api: make check pickier about api/*.txt 2022-11-02 19:08:10 +00:00
45038.txt bytes: add Clone function 2022-08-15 19:17:20 +00:00
45899.txt cmd/api: make check pickier about api/*.txt 2022-11-02 19:08:10 +00:00
46731.txt cmd/cgo: add and use runtime/cgo.Incomplete instead of //go:notinheap 2022-08-28 16:04:49 +00:00
46746.txt cmd/api: make check pickier about api/*.txt 2022-11-02 19:08:10 +00:00
47209.txt path/filepath, io/fs: add SkipAll 2022-08-25 18:50:37 +00:00
48000.txt reflect: add Value.Grow 2022-10-15 17:02:11 +00:00
50429.txt cmd/api: make check pickier about api/*.txt 2022-11-02 19:08:10 +00:00
50436.txt os/exec: add the Cancel and WaitDelay fields 2022-10-25 03:34:36 +00:00
50770.txt time: implement Compare method 2022-09-19 17:10:49 +00:00
51246.txt syscall: add CgroupFD support for ForkExec on Linux 2022-09-09 15:34:16 +00:00
51365.txt context: add APIs for writing and reading cancelation cause 2022-11-08 13:51:16 +00:00
51430.txt runtime/coverage: revise/shorten function names 2022-10-05 14:59:05 +00:00
51668.txt fmt: add a function to recover the original format string given a State 2022-08-06 09:19:31 +00:00
51766.txt net/netip: add IPv6LinkLocalAllRouters and IPv6Loopback 2022-10-21 20:14:41 +00:00
51777.txt net/netip: add IPv6LinkLocalAllRouters and IPv6Loopback 2022-10-21 20:14:41 +00:00
51896.txt cmd/api: make check pickier about api/*.txt 2022-11-02 19:08:10 +00:00
51972.txt sync: add new Map method Swap, CompareAndSwap, CompareAndDelete 2022-11-15 17:35:42 +00:00
52221.txt crypto/ecdh: move ECDH method to PrivateKey 2022-11-16 14:37:29 +00:00
52376.txt reflect: add Value.SetZero 2022-08-26 17:15:08 +00:00
52746.txt time: add DateTime, DateOnly, and TimeOnly 2022-08-09 14:33:24 +00:00
53002.txt net/http/httputil: add ReverseProxy.Rewrite 2022-08-16 20:01:36 +00:00
53021.txt crypto/subtle: add XORBytes 2022-08-17 18:47:33 +00:00
53200.txt go/token: add (*FileSet).RemoveFile(*File) method 2022-08-16 16:27:35 +00:00
53202.txt go/ast: record start and end of file in File.File{Start,End} 2022-09-28 20:37:59 +00:00
53280.txt syscall: remove FreeBSD 11 and below 64bit inode compatibility shims 2022-09-16 01:17:28 +00:00
53346.txt encoding/xml: add (*Encoder).Close 2022-08-23 18:24:30 +00:00
53356.txt debug/elf: fix reloc number of R_PPC64_SECTOFF_LO_DS 2022-08-27 02:36:28 +00:00
53435.txt errors, fmt: add support for wrapping multiple errors 2022-09-29 18:40:40 +00:00
53482.txt cmd/api: make check pickier about api/*.txt 2022-11-02 19:08:10 +00:00
54136.txt net/http: add ResponseController and per-handler timeouts 2022-11-10 18:18:03 +00:00
54222.txt debug/elf: add new-style LoongArch reloc types 2022-08-11 19:32:40 +00:00
54251.txt debug/pe: add IMAGE_FILE_MACHINE_RISCV{32,64,128} 2022-08-09 01:21:43 +00:00
54299.txt api/next/54299: add missing newline 2022-11-09 22:23:18 +00:00
54345.txt debug/elf: fix typo in R_PPC64_TPREL34 and R_PPC64_DTPREL34 2022-09-29 19:54:44 +00:00
55301.txt api: add newline to 55301.txt 2022-11-04 14:19:00 +00:00
55356.txt archive/tar, archive/zip: return ErrInsecurePath for unsafe paths 2022-11-16 23:36:48 +00:00
56041.txt regexp: add ErrLarge error 2022-11-02 18:15:21 +00:00
56219.txt path/filepath: add IsLocal 2022-11-16 23:17:58 +00:00