Removes functionality to symlink to something with and absolute path. This is a avoid zip slipping

ForestEckhardt · ryanmoran · commit 6586ce51bcf8 · 2021-06-11T14:22:16.000-07:00
diff --git a/vacation/vacation.go b/vacation/vacation.go
@@ -206,14 +206,8 @@ func (ta TarArchive) Decompress(destination string) error {
 	})
 
 	for _, h := range symlinkHeaders {
-		evalPath := linknameFullPath(h.path, h.linkname)
-		// Don't use constucted link if the link is absolute
-		if filepath.IsAbs(h.linkname) {
-			evalPath = h.linkname
-		}
-
 		// Check to see if the file that will be linked to is valid for symlinking
-		_, err := filepath.EvalSymlinks(evalPath)
+		_, err := filepath.EvalSymlinks(linknameFullPath(h.path, h.linkname))
 		if err != nil {
 			return fmt.Errorf("failed to evaluate symlink %s: %w", h.path, err)
 		}
@@ -481,14 +475,8 @@ func (z ZipArchive) Decompress(destination string) error {
 	})
 
 	for _, h := range symlinkHeaders {
-		evalPath := linknameFullPath(h.path, h.linkname)
-		// Don't use constucted link if the link is absolute
-		if filepath.IsAbs(h.linkname) {
-			evalPath = h.linkname
-		}
-
 		// Check to see if the file that will be linked to is valid for symlinking
-		_, err := filepath.EvalSymlinks(evalPath)
+		_, err := filepath.EvalSymlinks(linknameFullPath(h.path, h.linkname))
 		if err != nil {
 			return fmt.Errorf("failed to evaluate symlink %s: %w", h.path, err)
 		}
