Browse Source

Use modified unzip to prevent zip symlink attack

pull/6/head
Menci 7 years ago
parent
commit
bd87775f23
  1. BIN
      bin/unzip
  2. 3
      models/problem.js

BIN
bin/unzip

Binary file not shown.

3
models/problem.js

@ -340,7 +340,8 @@ class Problem extends Model {
await fs.remove(dir);
await fs.ensureDir(dir);
await p7zip.extract(path, dir);
let execFileAsync = Promise.promisify(require('child_process').execFile);
await execFileAsync(__dirname + '/../bin/unzip', ['-j', '-o', '-d', dir, path]);
await fs.move(path, this.getTestdataArchivePath(), { overwrite: true });
});
}

Loading…
Cancel
Save