From 67ce996dc849b096ce15ea63da707ddae71ddbe4 Mon Sep 17 00:00:00 2001
From: Raffaele Marcello
Date: Wed, 30 Oct 2024 13:36:00 +0100
Subject: [PATCH] Fix code scanning alert no. 2: Arbitrary file access during archive extraction ("Zip Slip")
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../src/RazorPagesTestSample/Pages/Index.cshtml.cs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs b/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs
index c399880a..eff386f4 100644
--- a/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs
+++ b/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs
@@ -94,12 +94,13 @@ public async Task OnPostAnalyzeMessagesAsync()
 public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory)
 {
- string destFileName = Path.Combine(destDirectory, entry.FullName);
+ string destFileName = Path.GetFullPath(Path.Combine(destDirectory, entry.FullName));
+ string fullDestDirPath = Path.GetFullPath(destDirectory + Path.DirectorySeparatorChar);
 // Ensure the destination file is within the destination directory
- if (!Path.GetFullPath(destFileName).StartsWith(Path.GetFullPath(destDirectory), StringComparison.Ordinal))
+ if (!destFileName.StartsWith(fullDestDirPath, StringComparison.Ordinal))
 {
- throw new InvalidOperationException("Entry is trying to write outside of the destination directory.");
+ throw new InvalidOperationException("Entry is trying to write outside of the destination directory.");
 }
 entry.ExtractToFile(destFileName);
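Review bot: The `// Ensure the destination file is within the destination directory` comment does not explain why `fullDestDirPath` is built with a trailing `Path.DirectorySeparatorChar`, and that separator is what makes the `StartsWith` check stop at a directory boundary instead of accepting any path that merely shares the directory's name as a prefix. I would extend the comment to `// Trailing separator anchors the prefix match at a directory boundary; never compare against the bare directory path.` so a later cleanup does not drop it. `StringComparison.Ordinal` is stricter than a case-insensitive file system, which fails closed and is acceptable, but it deserves a word in the same comment. Nothing visible between the check and `entry.ExtractToFile(destFileName)` creates the parent directory for nested entries, so that presumably happens in the caller. The `throw` line differs only in whitespace, and `WriteToDirectory` continues past the end of the hunk.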