Fix code scanning alert - Arbitrary file access during archive extraction ("Zip Slip") #171

Closed
1 task
nabbar opened this issue Nov 21, 2023 · 0 comments · Fixed by #170

nabbar commented Nov 21, 2023

Tracking issue for:

@nabbar nabbar linked a pull request Nov 21, 2023 that will close this issue
nabbar added a commit that referenced this issue Nov 21, 2023
Fix 2023-11-21

Package Archives:
    - fix security arbitrary path
    - fix linter
    - fix issue #171 
    - fix issue #172 
    
Package AWS:
    - implement resolver v2
    - force default bucket region constraint to prevent SDK error
    
Package Cobra:
    - fix linter
    
Package Config/component:
    - fix linter
    
Package Context/Config:
    - Add function to set context
    
Package Database/KV...:
    - Fix error
    - Fix collision pointer
    - Fix models
    - Fix circular dependencies
    - Add function Delete on driver, table and item
    - Add function new on driver to prevent collision data when create item on table get / walk
    
Package Duration:
    - Add type Duration based on time.Duration to allow transform duration to string instead of int64 nanosecond
    - Add function to parse in json, yaml, toml, text, cbor
    - Add function to allow convert type into mapstructure (spf13 viper, cobra...)
    
Package File/Perm:
    - Add type Perm based on os.FileMode to allow marshall / unmarshall it into octal form instead of string representation (-rwxrwxrwx)
    - Add function to marshall / unmarshall in json, yaml, toml, text, cbor
    - Add function to allow convert type into mapstructure (spf13 viper, cobra...)
    
Package File/progress:
    - Fix linter
    
Package HTTPServer :
    - Fix linter
    - Fix security by adding a default value if not set on config
    
Package ioutils:
    - Fix Linter
    
Package LDAP:
    - Add Clone function
    - Fix linter
    
Package logger/hookfile:
    - Fix linter
    
Package nats:
    - Fix linter
    
Package Network/Protocol:
    - Fix bug with quote / Dbl Quote on unmarshall
    
Package Password:
    - Replace password with crypto rand instead of math rand
    
Package Size:
    - Fix potential overflow
    - Add function to format value into Int32, Int, Uint32, Uint, Float32
    - Add function to parse Float64 into type Size
    
Package Socket:
    - change config uint32 to golib Size, time.Duration to golib Duration
    - add TLS management to server TCP, discard for UDP & Unix file Local Domain
    - add function Info Server to print information of server when listen is starting
    
Other:
    - bump dependencies
    - fix CVE-2023-46129