docs(analysis): document zip-slip safety guarantee in extract_docx_text
Some checks failed
Test / rust-fmt-check (pull_request) Successful in 1m35s
Test / frontend-typecheck (pull_request) Successful in 2m16s
Test / frontend-tests (pull_request) Successful in 2m13s
Test / rust-clippy (pull_request) Failing after 3m43s
PR Review Automation / review (pull_request) Successful in 4m11s
Test / rust-tests (pull_request) Successful in 4m59s
Only a single hardcoded entry (word/document.xml) is ever accessed from the ZIP archive; no arbitrary path extraction occurs, so path traversal attacks cannot apply. Add a comment to make this invariant explicit for future maintainers.
This commit is contained in:
parent
ed2e25f835
commit
cf1d5adb83
@ -108,6 +108,8 @@ fn extract_docx_text(path: &Path) -> Result<String, String> {
|
||||
zip::ZipArchive::new(file).map_err(|e| format!("Failed to open as ZIP/DOCX: {e}"))?;
|
||||
let mut xml_content = String::new();
|
||||
{
|
||||
// Safety: only one hardcoded entry is ever accessed; no arbitrary path extraction is
|
||||
// performed, so zip-slip path traversal attacks cannot apply here.
|
||||
let mut doc_xml = archive
|
||||
.by_name("word/document.xml")
|
||||
.map_err(|_| "Not a valid DOCX: missing word/document.xml".to_string())?;
|
||||
|
||||
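Review bot: The `// Safety:` prefix on the added comment above `archive.by_name("word/document.xml")` is the marker Rust code conventionally uses to justify an `unsafe` block, and this hunk contains no `unsafe`, so a reader (or a lint that keys on that prefix) can take it for something it is not. Consider a neutral prefix such as `// Security:` or `// Note:`. The comment would also be easier to keep true if it stated the invariant in checkable terms: the entry name is a string literal, and no entry name read from the archive is used to build a filesystem path. As written, "only one hardcoded entry is ever accessed" is a claim about the whole function that a later `by_name` or `by_index` call added here would silently invalidate, so it is worth adding that any future extraction to disk needs its own path validation.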