in internal/extraction/extraction.go [105:139]
func RepackageTarGzip(in io.Reader, outputDirPrefix string, zipFile *archive.ZipFile) error {
gzReader, err := gzip.NewReader(in)
if err != nil {
return err
}
topLevelDir := ""
tarReader := tar.NewReader(gzReader)
for {
header, err := tarReader.Next()
if err != nil {
if !errors.Is(err, io.EOF) {
return err
}
break
}
switch header.Typeflag {
case tar.TypeDir:
if topLevelDir == "" {
topLevelDir = header.Name
}
continue
case tar.TypeReg:
out, err := zipFile.Create(toOutputPath(header.Name, topLevelDir, outputDirPrefix))
if err != nil {
return err
}
// accept decompression bomb for CLI tool as we control the src
_, err = io.Copy(out, tarReader) //nolint:gosec
if err != nil {
return err
}
}
}
return nil
}