Missing protection against 'Zip Slip' path traversal
- Rule ID: go_gosec_filesystem_ziparchive
- Languages: go
- Source: ziparchive.yml
Description
Your application is vulnerable to a 'Zip Slip' path traversal attack when it extracts files from untrusted archives. A malicious archive can contain entries whose relative paths are crafted to escape the intended extraction directory, so the extracted files may overwrite important system files or land in sensitive locations, leading to a security breach.
Remediations
- Do implement checks to limit the zip archive's size. This prevents 'Zip Bombs', which are archives that decompress into sizes much larger than expected. For example, use file.UncompressedSize64 to check the size of a file within a ZIP file.
- Do generate unique filenames for extracted files or sanitize the original filenames to avoid overwriting existing files. You can use filepath.Base, for example, to extract the filename from a path and discard any directory information:
  name := filepath.Base(file.Name)
- Do validate the paths of extracted files to ensure they are written to a specified, trusted directory without traversing outside of it.
- Do process only regular files. Exclude symbolic links to prevent indirect file read/write vulnerabilities:
  if !file.Mode().IsRegular() {
      log.Fatalf("non-regular file: %s\n", file.Name)
  }
- Do ensure directories within the zip archive are processed securely by cleaning the path and strictly validating it against the base path.
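As an added example (not code from the Bearer rule page or the bearer tool), the following Go code applies the remediation list above to every entry of an archive before anything is written to disk; safeTarget, checkEntry and checkArchive are names chosen here, and dest is assumed to be the trusted extraction directory.

```go
package main

import (
	"archive/zip"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// safeTarget joins an entry name onto dest and rejects any result outside dest.
// filepath.Join cleans "../" and a leading "/" first; the "/" suffix blocks "/dest-evil".
func safeTarget(dest, name string) (string, error) {
	base := filepath.Clean(dest)
	target := filepath.Join(base, name)
	if target != base && !strings.HasPrefix(target, base+string(os.PathSeparator)) {
		return "", fmt.Errorf("zip entry %q escapes %q", name, dest)
	}
	return target, nil
}

// checkEntry applies the remediation list to one entry before anything is written:
// path validation, regular files only, and the header's size against a cap. It
// returns the path the caller may write; isDir means "mkdir, do not copy".
func checkEntry(f *zip.File, dest string, maxFileSize uint64) (target string, isDir bool, err error) {
	target, err = safeTarget(dest, f.Name)
	if err != nil {
		return "", false, err
	}
	if f.FileInfo().IsDir() {
		return target, true, nil
	}
	if !f.Mode().IsRegular() { // symlinks, devices and sockets are never extracted
		return "", false, fmt.Errorf("non-regular zip entry %q", f.Name)
	}
	if f.UncompressedSize64 > maxFileSize {
		return "", false, fmt.Errorf("zip entry %q declares %d bytes, cap is %d", f.Name, f.UncompressedSize64, maxFileSize)
	}
	return target, false, nil
}

// checkArchive vets every entry up front, so a hostile archive is refused before any of it is written.
func checkArchive(r *zip.Reader, dest string, maxFileSize uint64) error {
	for _, f := range r.File {
		if _, _, err := checkEntry(f, dest, maxFileSize); err != nil {
			return err
		}
	}
	return nil
}
```

The caller then opens each vetted regular file with f.Open() and copies it to target; wrapping that reader in io.LimitReader(rc, int64(maxFileSize)+1) guards against a header that under-reports the real decompressed size.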
References
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=go_gosec_filesystem_ziparchive
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=go_gosec_filesystem_ziparchive