File tree Expand file tree Collapse file tree 4 files changed +9
-5
lines changed
tests/RazorPagesTestSample.Tests Expand file tree Collapse file tree 4 files changed +9
-5
lines changed Original file line number Diff line number Diff line change 11
22.DS_Store
3+ src /Application /src /RazorPagesTestSample /config.json
Original file line number Diff line number Diff line change @@ -95,6 +95,13 @@ public async Task<IActionResult> OnPostAnalyzeMessagesAsync()
9595 public static void WriteToDirectory ( ZipArchiveEntry entry , string destDirectory )
9696 {
9797 string destFileName = Path . Combine ( destDirectory , entry . FullName ) ;
98+
99+ // Ensure the destination file is within the destination directory
100+ if ( ! Path . GetFullPath ( destFileName ) . StartsWith ( Path . GetFullPath ( destDirectory ) , StringComparison . Ordinal ) )
101+ {
102+ throw new InvalidOperationException ( "Entry is trying to write outside of the destination directory." ) ;
103+ }
104+
98105 entry . ExtractToFile ( destFileName ) ;
99106 }
100107 }
Load Diff This file was deleted.
Original file line number Diff line number Diff line change 1313 <PackageReference Include =" Microsoft.EntityFrameworkCore.InMemory" Version =" 8.0.3"
1414 <PackageReference Include =" Microsoft.NET.Test.Sdk" Version =" 17.9.0"
1515 <PackageReference Include =" Moq" Version =" 4.20.70"
16- <PackageReference Include =" Newtonsoft.Json" Version =" 11.0.2 "
16+ <PackageReference Include =" Newtonsoft.Json" Version =" 11.0.3 "
1717 <PackageReference Include =" System.Diagnostics.TraceSource" Version =" 4.3.0"
1818 <PackageReference Include =" System.Net.Http" Version =" 4.3.4"
1919 <PackageReference Include =" xunit" Version =" 2.7.0"
You can’t perform that action at this time.
0 commit comments