SECURITY: Safely decompress files. (PR #8124)

You’ve signed the CLA, romanrizzi. Thank you! This pull request is ready for review.

There is a conflict here, @romanrizzi can you have a look, most likely due to the zeitwerk merge.

Can this go in an ensure block?

1 Like

This does look nice. I found the strategy / implementation classes easy to follow.

I do want to triple check that the path / folders are sanitized properly, as they would be a quick hack to run commands on a server somewhere since they are interpolated into commands. @romanrizzi can you make absolutely sure those parameters are secured?

4 Likes

@eviltrout Done! We now check that the path exists in our file system before compressing/decompressing.

1 Like
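
The concern raised in this thread, paths interpolated into commands, shown as an added example that is not code from the PR or from Discourse: the path is resolved and confined to a base directory, then passed to the program as a separate argument so that no shell parses it. The names `checked_path`, `run_on_file` and `demo` are hypothetical, the file names are constructed, and the Ruby interpreter stands in for the decompression tool.

```ruby
require "fileutils"
require "open3"
require "pathname"
require "rbconfig"
require "tmpdir"

# Hypothetical helper (not Discourse's API): return the canonical form of
# `path`, requiring that it exists and resolves to a location under `base_dir`.
def checked_path(base_dir, path)
  base = Pathname.new(base_dir).realpath
  full = base.join(path)
  raise ArgumentError, "path does not exist" unless full.exist?
  real = full.realpath # resolves symlinks and ".." segments
  inside = real.to_s.start_with?(base.to_s + File::SEPARATOR)
  raise ArgumentError, "path escapes base directory" unless inside
  real.to_s
end

# Run `argv` with the checked path appended as its last argument. Separate
# arguments make Open3 exec the program directly, so no shell parses the
# name, and "--" keeps a leading "-" from being read as an option.
def run_on_file(base_dir, path, *argv)
  out, status = Open3.capture2e(*argv, "--", checked_path(base_dir, path))
  raise "command failed: #{out}" unless status.success?
  out
end

# Constructed demo data: an upload whose name holds shell metacharacters,
# and a file that sits outside the allowed directory.
def demo
  Dir.mktmpdir do |dir|
    uploads = File.join(dir, "uploads")
    FileUtils.mkdir_p(uploads)
    name = "backup; echo injected $(id).tar.gz"
    FileUtils.touch(File.join(uploads, name))
    FileUtils.touch(File.join(dir, "secret.txt"))
    # Ruby stands in for gzip/tar here so the demo runs on any machine;
    # it prints back the single argument it received.
    seen = run_on_file(uploads, name, RbConfig.ruby, "-e", "print ARGV.last")
    rejected = begin
      checked_path(uploads, "../secret.txt")
    rescue ArgumentError => e
      e.message
    end
    { verbatim: seen == File.join(File.realpath(uploads), name), rejected: rejected }
  end
end
```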