Last active
August 27, 2023 04:00
-
-
Save sdomino/635a5ed4f32c93aad131 to your computer and use it in GitHub Desktop.
How to tar and untar files in Golang: https://medium.com/@skdomino/taring-untaring-files-in-go-6b07cf56bc07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Untar takes a destination path and a reader; a tar reader loops over the tarfile | |
| // creating the file structure at 'dst' along the way, and writing any files | |
| func Untar(dst string, r io.Reader) error { | |
| gzr, err := gzip.NewReader(r) | |
| if err != nil { | |
| return err | |
| } | |
| defer gzr.Close() | |
| tr := tar.NewReader(gzr) | |
| for { | |
| header, err := tr.Next() | |
| switch { | |
| // if no more files are found return | |
| case err == io.EOF: | |
| return nil | |
| // return any other error | |
| case err != nil: | |
| return err | |
| // if the header is nil, just skip it (not sure how this happens) | |
| case header == nil: | |
| continue | |
| } | |
| // the target location where the dir/file should be created | |
| target := filepath.Join(dst, header.Name) | |
| // the following switch could also be done using fi.Mode(), not sure if there | |
| // a benefit of using one vs. the other. | |
| // fi := header.FileInfo() | |
| // check the file type | |
| switch header.Typeflag { | |
| // if its a dir and it doesn't exist create it | |
| case tar.TypeDir: | |
| if _, err := os.Stat(target); err != nil { | |
| if err := os.MkdirAll(target, 0755); err != nil { | |
| return err | |
| } | |
| } | |
| // if it's a file create it | |
| case tar.TypeReg: | |
| f, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode)) | |
| if err != nil { | |
| return err | |
| } | |
| // copy over contents | |
| if _, err := io.Copy(f, tr); err != nil { | |
| return err | |
| } | |
| // manually close here after each file operation; defering would cause each file close | |
| // to wait until all operations have completed. | |
| f.Close() | |
| } | |
| } | |
| } |
@ItalyPaleAle thanks for your answer!
I just added this snippet after line 32:
if !fs.ValidPath(target) { return &fs.PathError{Op: "open", Path: target, Err: fs.ErrInvalid} }
It is from the archive package
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@Sommerrolle to my understanding, they were referring to a 3rd-party library. I believe the code above is still vulnerable since it doesn't do any validation/sanitization on the path.