diff --git a/.gitignore b/.gitignore
index 9bea4330..251796ae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .DS_Store
+ src/Application/src/RazorPagesTestSample/config.json
\ No newline at end of file
diff --git a/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs b/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs
index 2e6d94bb..6cf0193e 100644
--- a/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs
+++ b/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs
@@ -92,9 +92,13 @@ public async Task OnPostAnalyzeMessagesAsync()
 return RedirectToPage();
 }
- public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory)
+ public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory)
 {
- string destFileName = Path.Combine(destDirectory, entry.FullName);
+ string destFileName = Path.GetFullPath(Path.Combine(destDirectory, entry.FullName));
+ string fullDestDirPath = Path.GetFullPath(destDirectory + Path.DirectorySeparatorChar);
+ if (!destFileName.StartsWith(fullDestDirPath)) {
+ throw new System.InvalidOperationException("Entry is outside the target dir: " + destFileName);
+ }
 entry.ExtractToFile(destFileName);
 }
 }
diff --git a/src/Application/src/RazorPagesTestSample/config.json b/src/Application/src/RazorPagesTestSample/config.json
deleted file mode 100644
index 1a3874d4..00000000
--- a/src/Application/src/RazorPagesTestSample/config.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- "registry_key": "8yYKDsFTjatiQI9nVcsoQ1P3rdnh+P5Mlz9gVBgVgx+ACRArmBQ3",
- "registry_type": "AzureContainerRegistry"
-}
\ No newline at end of file
diff --git a/src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj b/src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj
index a66e0a92..a0f5f511 100644
--- a/src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj 
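Review bot: The `registry_key` value that this commit deletes from config.json stays readable in earlier revisions of the repository, and the new ignore entry only keeps the file from being committed again. Treat that key as disclosed: rotate it at the registry, and load the replacement from a secret store or environment setting rather than from a file under the source tree. A short comment above the entry, for example `# local registry credentials - never commit`, would tell the next contributor why the path is ignored.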
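Review bot: The containment check `destFileName.StartsWith(fullDestDirPath)` in WriteToDirectory uses the culture-sensitive overload, which can treat some characters as ignorable, so a path that is not character-for-character under the target directory may still pass. For a check that acts as a security boundary the comparison should be ordinal: `if (!destFileName.StartsWith(fullDestDirPath, System.StringComparison.Ordinal)) {`. The exception message also echoes the resolved absolute path; if that text can reach a user-facing error page (not visible from this hunk), reporting `entry.FullName` instead would avoid disclosing the server's directory layout. A unit test that passes an entry whose name contains `..` segments and expects `InvalidOperationException` would pin the fix.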
+++ b/src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj @@ -13,7 +13,7 @@ - +