fix path traversal which flagged by snyk scan

``` ✗ [Low] Path Traversal ID: 28235865-e32e-466c-a079-e826f744c2a8 Path: test/extended/util/prepare.go, line 100 Info: Unsanitized input from file name flows into os.RemoveAll, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to delete arbitrary files. ```
crc-org · Sep 26, 2024 · 70949d5 · 70949d5
1 parent 9cfc806
commit 70949d5
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/pkg/extract/extract.go b/pkg/extract/extract.go
@@ -205,7 +205,7 @@ func unzip(archive, target string, fileFilter func(string) bool, showProgress bo
 			continue
 		}
 
-		if err := unzipFile(file, path, showProgress); err != nil {
+		if err := unzipFile(file, filepath.Clean(path), showProgress); err != nil {
 			return nil, err
 		}
 		extractedFiles = append(extractedFiles, path)

diff --git a/test/extended/util/prepare.go b/test/extended/util/prepare.go
@@ -97,7 +97,7 @@ func CleanTestRunDir() error {
 	}
 
 	for _, file := range files {
-		err := os.RemoveAll(filepath.Join(TestRunDir, file.Name()))
+		err := os.RemoveAll(filepath.Clean(filepath.Join(TestRunDir, file.Name())))
 		if err != nil {
 			return err
 		}

diff --git a/test/extended/util/util.go b/test/extended/util/util.go
@@ -54,7 +54,7 @@ func CopyResourcesFromPath(resourcesPath string) error {
 		sFileName := filepath.Join(resourcesPath, file.Name())
 		fmt.Printf("Copying %s to %s\n", sFileName, destLoc)
 
-		sFile, err := os.Open(sFileName)
+		sFile, err := os.Open(filepath.Clean(sFileName))
 		if err != nil {
 			fmt.Printf("Error occurred opening file: %s", err)
 			return err