Security Risks in Archive Decompression Across Programming Languages
/ 1 min read
🗂️✨ Research Highlights Security Risks of Archive Decompression Across Programming Languages. An internship project at Doyensec focused on identifying vulnerabilities in archive file handling across popular programming languages, including Python, Ruby, Swift, Java, PHP, and JavaScript. The research demonstrated how improper extraction methods could lead to security risks, such as path traversal attacks, and included proof-of-concept code to illustrate these vulnerabilities. To aid developers, the project produced safe alternatives and a web application for testing archive extraction implementations. Additionally, a set of Semgrep rules was created to automate vulnerability detection in larger codebases. The findings emphasize the importance of proper path sanitization and validation to mitigate risks associated with unsafe unpacking. All resources are available on Doyensec’s GitHub repository.
