refactor(drop): replace symlink entry check with dangerous node entry validation

- Updated the unzipDrop function to remove the symlink entry check and replace it with a more general validation for dangerous node entries.
- Adjusted the associated test to reflect the change in error messaging.
Mauricio Siu
2026-02-17 14:31:10 -06:00
parent b58f2b236f
commit 685a4c0b69
2 changed files with 1 additions and 11 deletions


@@ -250,7 +250,7 @@ describe("security: zip symlink entry blocked", () => {
const file = new File([zipBuffer as any], "exploit.zip");
await expect(unzipDrop(file, { ...baseApp, appName })).rejects.toThrow(
/Symlink entries are not allowed/,
/Dangerous node entries are not allowed/,
);
});
});
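Review bot: The updated matcher `/Dangerous node entries are not allowed/` is satisfied by any entry type that isDangerousNode rejects, so this test no longer shows that the symlink entry in particular was what stopped the extraction. With the dedicated isSymlinkEntry check removed in the same commit, this case appears to be the only thing pinning that symlink entries (file type 0o120000) are still refused, so it should stay specific. Extend the regex with the fixture's entry name, e.g. `/Dangerous node entries are not allowed: <symlink entry name>/`, and add a comment such as `// symlink entries must still be rejected now that isSymlinkEntry is gone`. The fixture and the rest of the describe block are outside the hunk, so the entry name has to be taken from there.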


@@ -69,10 +69,6 @@ export const unzipDrop = async (zipFile: File, application: Application) => {
);
}
if (isSymlinkEntry(entry)) {
throw new Error(`Symlink entries are not allowed: ${entry.entryName}`);
}
if (isDangerousNode(entry)) {
throw new Error(
`Dangerous node entries are not allowed: ${entry.entryName}`,
@@ -149,12 +145,6 @@ const uploadFileToServer = (
});
};
function isSymlinkEntry(entry: AdmZip.IZipEntry) {
// upper 16 bits = unix permissions
const unix = (entry.header.attr >> 16) & 0o170000;
return unix === 0o120000;
}
function isDangerousNode(entry: AdmZip.IZipEntry) {
const type = (entry.header.attr >> 16) & 0o170000;