Use ordinal to ensure no mistakes on linux

marcpopMSFT · web-flow · commit 6e249e3ee31d · 2025-09-09T16:26:51.000-07:00
Don't call through the get full directory path
Reduce three variables down to two to help the scanners
Move the desination path out of the loop since it doesn't change
diff --git a/src/Tasks/sdk-tasks/ExtractArchiveToDirectory.cs b/src/Tasks/sdk-tasks/ExtractArchiveToDirectory.cs
@@ -84,15 +84,15 @@ public override bool Execute()
                         if (isZipArchive)
                         {
                             using var zip = new ZipArchive(File.OpenRead(SourceArchive));
+                            string fullDestDirPath = GetFullDirectoryPathWithSeperator(DestinationDirectory);
+
                             foreach (var entry in zip.Entries)
                             {
                                 if (ShouldExtractItem(entry.FullName))
                                 {
-                                    string destinationPath = Path.Combine(DestinationDirectory, entry.FullName);
-                                    string destinationFileName = GetFullDirectoryPathWithSeperator(destinationPath);
-                                    string fullDestDirPath = GetFullDirectoryPathWithSeperator(DestinationDirectory);
+                                    string destinationPath = Path.GetFullPath(Path.Combine(DestinationDirectory, entry.FullName));
 
-                                    CheckDestinationPath(destinationFileName, fullDestDirPath);
+                                    CheckDestinationPath(destinationPath, fullDestDirPath);
 
                                     if (!Directory.Exists(Path.Combine(DestinationDirectory, Path.GetDirectoryName(entry.FullName))))
                                     {
@@ -116,6 +116,7 @@ public override bool Execute()
                             using var decompressedStream = new MemoryStream();
                             decompressor.CopyTo(decompressedStream);
                             decompressedStream.Seek(0, SeekOrigin.Begin);
+                            string fullDestDirPath = GetFullDirectoryPathWithSeperator(DestinationDirectory);
 
                             // Extract Tar content
                             using TarReader tr = new TarReader(decompressedStream);
@@ -127,11 +128,9 @@ public override bool Execute()
                                     entryName = entryName.StartsWith("./") ? entryName[2..] : entryName;
                                     if (ShouldExtractItem(entryName))
                                     {
-                                        string destinationPath = Path.Combine(DestinationDirectory, entryName);
-                                        string destinationFileName = GetFullDirectoryPathWithSeperator(destinationPath);
-                                        string fullDestDirPath = GetFullDirectoryPathWithSeperator(DestinationDirectory);
+                                        string destinationPath = Path.GetFullPath(Path.Combine(DestinationDirectory, entryName));
 
-                                        CheckDestinationPath(destinationFileName, fullDestDirPath);
+                                        CheckDestinationPath(destinationPath, fullDestDirPath);
 
                                         Log.LogMessage(entryName);
 
@@ -186,7 +185,7 @@ private string GetFullDirectoryPathWithSeperator(string directory)
         {
             string fullDirectoryPath = Path.GetFullPath(directory);
 
-            if (!fullDirectoryPath.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.OrdinalIgnoreCase))
+            if (!fullDirectoryPath.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
             {
                 fullDirectoryPath = string.Concat(fullDirectoryPath, Path.DirectorySeparatorChar);
             }
@@ -196,7 +195,7 @@ private string GetFullDirectoryPathWithSeperator(string directory)
 
         private void CheckDestinationPath(string destinationFileName, string fullDestDirPath)
         {
-            if (!destinationFileName.StartsWith(fullDestDirPath, StringComparison.OrdinalIgnoreCase))
+            if (!destinationFileName.StartsWith(fullDestDirPath, StringComparison.Ordinal))
             {
                 throw new System.InvalidOperationException("Entry is outside the target dir: " + destinationFileName);
             }

Original file line number	Diff line number	Diff line change
`@@ -84,15 +84,15 @@ public override bool Execute()`
`84`	`84`	`if (isZipArchive)`
`85`	`85`	`{`
`86`	`86`	`using var zip = new ZipArchive(File.OpenRead(SourceArchive));`
	`87`	`+ string fullDestDirPath = GetFullDirectoryPathWithSeperator(DestinationDirectory);`
	`88`	`+`
`87`	`89`	`foreach (var entry in zip.Entries)`
`88`	`90`	`{`
`89`	`91`	`if (ShouldExtractItem(entry.FullName))`
`90`	`92`	`{`
`91`		`- string destinationPath = Path.Combine(DestinationDirectory, entry.FullName);`
`92`		`- string destinationFileName = GetFullDirectoryPathWithSeperator(destinationPath);`
`93`		`- string fullDestDirPath = GetFullDirectoryPathWithSeperator(DestinationDirectory);`
	`93`	`+ string destinationPath = Path.GetFullPath(Path.Combine(DestinationDirectory, entry.FullName));`
`94`	`94`
`95`		`- CheckDestinationPath(destinationFileName, fullDestDirPath);`
	`95`	`+ CheckDestinationPath(destinationPath, fullDestDirPath);`
`96`	`96`
`97`	`97`	`if (!Directory.Exists(Path.Combine(DestinationDirectory, Path.GetDirectoryName(entry.FullName))))`
`98`	`98`	`{`
`@@ -116,6 +116,7 @@ public override bool Execute()`
`116`	`116`	`using var decompressedStream = new MemoryStream();`
`117`	`117`	`decompressor.CopyTo(decompressedStream);`
`118`	`118`	`decompressedStream.Seek(0, SeekOrigin.Begin);`
	`119`	`+ string fullDestDirPath = GetFullDirectoryPathWithSeperator(DestinationDirectory);`
`119`	`120`
`120`	`121`	`// Extract Tar content`
`121`	`122`	`using TarReader tr = new TarReader(decompressedStream);`
`@@ -127,11 +128,9 @@ public override bool Execute()`
`127`	`128`	`entryName = entryName.StartsWith("./") ? entryName[2..] : entryName;`
`128`	`129`	`if (ShouldExtractItem(entryName))`
`129`	`130`	`{`
`130`		`- string destinationPath = Path.Combine(DestinationDirectory, entryName);`
`131`		`- string destinationFileName = GetFullDirectoryPathWithSeperator(destinationPath);`
`132`		`- string fullDestDirPath = GetFullDirectoryPathWithSeperator(DestinationDirectory);`
	`131`	`+ string destinationPath = Path.GetFullPath(Path.Combine(DestinationDirectory, entryName));`
`133`	`132`
`134`		`- CheckDestinationPath(destinationFileName, fullDestDirPath);`
	`133`	`+ CheckDestinationPath(destinationPath, fullDestDirPath);`
`135`	`134`
`136`	`135`	`Log.LogMessage(entryName);`
`137`	`136`
`@@ -186,7 +185,7 @@ private string GetFullDirectoryPathWithSeperator(string directory)`
`186`	`185`	`{`
`187`	`186`	`string fullDirectoryPath = Path.GetFullPath(directory);`
`188`	`187`
`189`		`- if (!fullDirectoryPath.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.OrdinalIgnoreCase))`
	`188`	`+ if (!fullDirectoryPath.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))`
`190`	`189`	`{`
`191`	`190`	`fullDirectoryPath = string.Concat(fullDirectoryPath, Path.DirectorySeparatorChar);`
`192`	`191`	`}`
`@@ -196,7 +195,7 @@ private string GetFullDirectoryPathWithSeperator(string directory)`
`196`	`195`
`197`	`196`	`private void CheckDestinationPath(string destinationFileName, string fullDestDirPath)`
`198`	`197`	`{`
`199`		`- if (!destinationFileName.StartsWith(fullDestDirPath, StringComparison.OrdinalIgnoreCase))`
	`198`	`+ if (!destinationFileName.StartsWith(fullDestDirPath, StringComparison.Ordinal))`
`200`	`199`	`{`
`201`	`200`	`throw new System.InvalidOperationException("Entry is outside the target dir: " + destinationFileName);`
`202`	`201`	`}`