Move tar and zip extraction into a reusable package #371
Labels: help wanted, kind/cleanup, lifecycle/frozen, priority/P3
/kind cleanup
/priority P3
As shown in the security advisory, it's hard to reason about TAR extraction and, more importantly, to do the job securely.
Let's move the tar + zip extraction code out of pkg/downloader to its own package somewhere so we can use it in other projects.
It would be great to have some of the options to these methods configurable (this would also make tests easier), such as objects like TarGzExtractOptions and ZipExtractOptions with flags like: