diff options
author | Damien Neil <dneil@google.com> | 2022-11-21 11:32:39 -0800 |
---|---|---|
committer | Damien Neil <dneil@google.com> | 2022-11-21 21:14:38 +0000 |
commit | 85a2c19b328081c3fbcd1fa3db9a56d708a25c68 (patch) | |
tree | 64a79901e3237069743bf38998d2485d2c651803 /doc | |
parent | f60c77026bb47db984c5da7e6f0590010e7e1a6f (diff) | |
download | go-git-85a2c19b328081c3fbcd1fa3db9a56d708a25c68.tar.gz |
archive/tar, archive/zip: disable insecure file name checks with GODEBUG
Add GODEBUG=tarinsecurepath=1 and GODEBUG=zipinsecurepath=1 settings
to disable file name validation.
For #55356.
Change-Id: Iaacdc629189493e7ea3537a81660215a59dd40a4
Reviewed-on: https://go-review.googlesource.com/c/go/+/452495
Reviewed-by: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/go1.20.html | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/go1.20.html b/doc/go1.20.html index 1cbc993087..ebefbe6e06 100644 --- a/doc/go1.20.html +++ b/doc/go1.20.html @@ -293,6 +293,10 @@ proxyHandler := &httputil.ReverseProxy{ Programs that want to operate on archives containing insecure file names may ignore this error. </p> + <p> + Insecure tar file name checks may be entirely disabled by setting the + <code>GODEBUG=tarinsecurepath=1</code> environment variable. + </p> </dd> </dl><!-- archive/tar --> @@ -308,6 +312,10 @@ proxyHandler := &httputil.ReverseProxy{ Programs that want to operate on archives containing insecure file names may ignore this error. </p> + <p> + Insecure zip file name checks may be entirely disabled by setting the + <code>GODEBUG=zipinsecurepath=1</code> environment variable. + </p> <p><!-- CL 449955 --> Reading from a directory file that contains file data will now return an error. The zip specification does not permit directory files to contain file data, |