f8c7fd1d28
To prevent zipslip, we verify that each extracted file would fall strictly under the prefix of the path to extract to. However, this yielded a false positive when extracting to `.`, which is the default for downloading a single archive. |
||
|---|---|---|
| .. | ||
| fixtures | ||
| download.go | ||
| download_test.go | ||
| http.go | ||
| http_test.go | ||
| zip.go | ||
| zip_test.go | ||