diff --git a/src/Installer/core-sdk-tasks/ExtractArchiveToDirectory.cs b/src/Installer/core-sdk-tasks/ExtractArchiveToDirectory.cs
index b0b33a042021..ee53071a5aa6 100644
--- a/src/Installer/core-sdk-tasks/ExtractArchiveToDirectory.cs
+++ b/src/Installer/core-sdk-tasks/ExtractArchiveToDirectory.cs
@@ -60,7 +60,7 @@ protected override bool ValidateParameters()
 Log.LogMessage($"Creating Directory {DestinationDirectory}");
 Directory.CreateDirectory(DestinationDirectory);
 }
-
+
 return retVal;
 }
@@ -88,13 +88,22 @@ public override bool Execute()
 {
 if (ShouldExtractItem(entry.FullName))
 {
- if (!Directory.Exists(Path.Combine(DestinationDirectory, Path.GetDirectoryName(entry.FullName))))
+ var fullDestinationPath = Path.GetFullPath(Path.Combine(DestinationDirectory, entry.FullName));
+ if (!fullDestinationPath.StartsWith(Path.GetFullPath(DestinationDirectory), StringComparison.Ordinal))
+ {
+ Log.LogMessage($"Warning: Skipping invalid entry {entry.FullName} (potential zip slip attack)");
+ continue;
+ }
+
+ var directoryPath = Path.GetDirectoryName(fullDestinationPath);
+ if (!Directory.Exists(directoryPath))
 {
- Directory.CreateDirectory(Path.Combine(DestinationDirectory, Path.GetDirectoryName(entry.FullName)));
+ Directory.CreateDirectory(directoryPath);
 }
- Log.LogMessage(Path.GetDirectoryName(entry.FullName));
- entry.ExtractToFile(Path.Combine(loc, entry.FullName));
+ // Log the directory path and extract the file
+ Log.LogMessage(directoryPath);
+ entry.ExtractToFile(fullDestinationPath, overwrite: true);
 }
 }
 }
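Review bot: The containment check in the added `if (!fullDestinationPath.StartsWith(Path.GetFullPath(DestinationDirectory), StringComparison.Ordinal))` compares against the destination root without a trailing separator, so an entry that resolves to a sibling directory whose name merely begins with the destination's name (a path like `<dest>-other` next to `<dest>`) passes the prefix test and is written outside the intended root. Normalise the root once with the separator appended and compare against that: `var destinationRoot = Path.GetFullPath(DestinationDirectory).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar) + Path.DirectorySeparatorChar;` before the entry loop, and here `if (!fullDestinationPath.StartsWith(destinationRoot, StringComparison.Ordinal))`, which also hoists the repeated `Path.GetFullPath` call out of the per-entry loop. A skipped traversal entry is reported through `Log.LogMessage` with a literal "Warning:" prefix, which the MSBuild logger treats as an ordinary message; `Log.LogWarning(...)` — or `Log.LogError` with the task returning false, if an archive containing such entries should not be trusted at all — would make the condition visible in build output. The switch to `entry.ExtractToFile(fullDestinationPath, overwrite: true)` also silently changes prior behaviour, where an existing file caused `ExtractToFile` to throw, and that is worth a sentence in the commit message. The enclosing `Execute` method and the `foreach` over entries start and end outside the hunk, and the removed `loc` variable is declared outside it, so whether it equalled `DestinationDirectory` cannot be confirmed from here.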