Examples/Safe_ZipSlip_1.ps1
|
function Expand-ZipSafe { param($destinationDirectory, $entryName) $extractPath = [System.IO.Path]::Combine($destinationDirectory, $entryName) $extractFullPath = [System.IO.Path]::GetFullPath($extractPath) $destinationDirectoryFullPath = [System.IO.Path]::GetFullPath($destinationDirectory) if(-not $extractFullPath.StartsWith($destinationDirectoryFullPath)) { throw "Zip Slip" } $entry = New-Object psobject $entry.ExtractToFile($extractFullPath, $true) } |