Rule which detects a potential path traversal when extracting zip archives (#208)

* Add a rule which detects file path traversal when extracting zip archive * Detect if any argument is derived from zip.File * Drop support for Go version 1.8
2025-11-29 22:37:59 +02:00 · 2018-07-18 14:31:07 +02:00
parent 4ae8c95b40
commit 1923b6d18e
6 changed files with 160 additions and 1 deletions
--- a/rules/rules_test.go
+++ b/rules/rules_test.go
@@ -103,6 +103,10 @@ var _ = Describe("gas rules", func() {
 			runner("G304", testutils.SampleCodeG304)
 		})

+		It("should detect file path traversal when extracting zip archive", func() {
+			runner("G305", testutils.SampleCodeG305)
+		})
+
 		It("should detect weak crypto algorithms", func() {
 			runner("G401", testutils.SampleCodeG401)
 		})