Secure coding guidelines on working with archive files

Michael Henriksen requested to merge secure-coding-guildelines-archives into master

What does this MR do and why?

Adds a section in the secure coding guidelines on working with archive files. The section covers Zip Slip/path traversal and symlink vulnerabilities, which are the two most commonly seen vulnerabilities in applications working with archives.

/cc @gitlab-com/gl-security/appsec

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
