Skip to content

Commit

Permalink
Bring back comment for nosec (#231)
Browse files Browse the repository at this point in the history
Signed-off-by: thepetk <thepetk@gmail.com>
  • Loading branch information
thepetk authored Apr 4, 2024
1 parent 7c89891 commit d10fc19
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion registry-library/library/util.go
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,7 @@ func decompress(targetDir string, tarFile string, excludeFiles []string) error {
return returnedErr
}
case tar.TypeReg:
/* #nosec G304 -- target is produced using path.Join which cleans the dir path */
w, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))
if err != nil {
returnedErr = multierror.Append(returnedErr, err)
Expand Down Expand Up @@ -194,7 +195,7 @@ func getHTTPClient(options RegistryOptions) *http.Client {

// Cleans a child path to ensure that there is no escaping from the parent directory with the use of ../ escape methods
// Ensures that the child path is always contained and absolutely pathed from the parent
func CleanFilepath(parent string, child string)string{
func CleanFilepath(parent string, child string) string {
target := path.Join(parent, filepath.Clean("/"+child))
return target
}

0 comments on commit d10fc19

Please sign in to comment.