Zip-Tools/utils.go at master · MCSManager/Zip-Tools · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
package main

import (
	"archive/zip"
	"fmt"
	"io"
	"os"
	"path"
	"path/filepath"
	"strings"

	"golang.org/x/text/encoding"
	"golang.org/x/text/encoding/japanese"
	"golang.org/x/text/encoding/korean"
	"golang.org/x/text/encoding/simplifiedchinese"
	"golang.org/x/text/encoding/traditionalchinese"
	"golang.org/x/text/encoding/unicode"
)

func getDecoderByCoder(code string) *encoding.Decoder {
	code = strings.ToLower(code)
	var decoder *encoding.Decoder
	switch code {
	case "gbk":
		decoder = simplifiedchinese.GBK.NewDecoder()
	case "big5":
		decoder = traditionalchinese.Big5.NewDecoder()
	case "shift_jis":
		decoder = japanese.ShiftJIS.NewDecoder()
	case "euckr":
		decoder = korean.EUCKR.NewDecoder()
	default:
		decoder = unicode.UTF8.NewDecoder()
	}
	return decoder
}

// safeExtractPath resolves a zip entry name under baseDir and rejects path traversal.
func safeExtractPath(baseDir, name string) (string, error) {
	name = path.Clean(strings.ReplaceAll(name, "\\", "/"))
	if name == "." || name == ".." {
		return "", fmt.Errorf("illegal path: %q", name)
	}
	if strings.HasPrefix(name, "/") {
		return "", fmt.Errorf("illegal absolute path: %q", name)
	}
	for _, part := range strings.Split(name, "/") {
		if part == ".." {
			return "", fmt.Errorf("illegal path traversal: %q", name)
		}
	}

	if baseDir == "" || baseDir == "." {
		baseDir = "."
	}
	baseAbs, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	destAbs, err := filepath.Abs(filepath.Join(baseAbs, filepath.FromSlash(name)))
	if err != nil {
		return "", err
	}
	baseWithSep := baseAbs + string(filepath.Separator)
	if destAbs != baseAbs && !strings.HasPrefix(destAbs, baseWithSep) {
		return "", fmt.Errorf("illegal path escapes destination: %q", name)
	}
	return destAbs, nil
}

func fileToZipWriter(file *os.File, prefix string, zw *zip.Writer) error {
	info, err := file.Stat()
	if err != nil {
		return err
	}
	if info.IsDir() {
		if prefix == "" {
			prefix = info.Name()
		} else {
			prefix = prefix + "/" + info.Name()
		}

		fileInfos, err := file.Readdir(-1)
		if err != nil {
			return err
		}
		for _, fi := range fileInfos {
			f, err := os.Open(file.Name() + "/" + fi.Name())
			if err != nil {
				return err
			}
			err = fileToZipWriter(f, prefix, zw)
			if err != nil {
				return err
			}
		}
	} else {
		header, err := zip.FileInfoHeader(info)
		if prefix != "" {
			header.Name = prefix + "/" + header.Name
		}
		if err != nil {
			return err
		}
		writer, err := zw.CreateHeader(header)
		if err != nil {
			return err
		}
		_, err = io.Copy(writer, file)
		file.Close()
		if err != nil {
			return err
		}
	}
	return nil
}