# Zip Slip / Path Traversal in Archive

- ID: go-zip-slip
- Severity: HIGH
- CWE: Path Traversal (CWE-22)
- Languages: Go

## Description

Archive extraction uses the entry filename without validating that the resulting path stays within the target directory. An entry name containing `../` segments can then resolve to a location outside it.

## Remediation

Validate that each extracted path is within the target directory before creating the file.

```go
// Needs imports: errors, os, path/filepath, strings.
destPath := filepath.Join(destDir, filepath.Clean(f.Name))
// Reject any entry that resolves outside destDir.
if !strings.HasPrefix(destPath, filepath.Clean(destDir)+string(os.PathSeparator)) {
	return errors.New("illegal file path")
}
outFile, err := os.Create(destPath)
if err != nil {
	return err
}
```

Learn more: https://shoulder.dev/learn/go/cwe-22/zip-slip

## Related Rules

- **Path Traversal via File Operations** [HIGH]
- **Path Traversal in File Operations** [CRITICAL]
- **Zip Slip Path Traversal** [HIGH]
- **Path Traversal / Directory Traversal** [HIGH]
- **Zip Slip / Archive Path Traversal** [HIGH]
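
An added example, not part of the original rule: it runs the Remediation check and a weaker variant that drops the trailing path separator over the entry names of a constructed in-memory archive. The function names, the sample entries and the Unix-style target `/tmp/out` are assumptions made for illustration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// weakCheck is a common mistake: the prefix test without a trailing separator.
func weakCheck(destDir, name string) bool {
	return strings.HasPrefix(filepath.Join(destDir, name), filepath.Clean(destDir))
}

// pageCheck is the Remediation check: the prefix ends with the path separator.
func pageCheck(destDir, name string) bool {
	return strings.HasPrefix(filepath.Join(destDir, name), filepath.Clean(destDir)+string(os.PathSeparator))
}

// sampleZip builds a constructed in-memory archive; zip.Writer accepts any name.
func sampleZip() []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, n := range []string{"docs/a.txt", "../etc/x", "../out-evil/x"} {
		w.Create(n) // empty entry: only the name matters for this check
	}
	w.Close()
	return buf.Bytes()
}

// rejected returns the entry names that check refuses to extract under destDir.
func rejected(data []byte, destDir string, check func(dir, name string) bool) (bad []string, err error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil && err != zip.ErrInsecurePath { // insecure names are vetted below
		return nil, err
	}
	for _, f := range zr.File {
		if !check(destDir, f.Name) {
			bad = append(bad, f.Name)
		}
	}
	return bad, nil
}

func main() {
	fmt.Println(rejected(sampleZip(), "/tmp/out", weakCheck)) // [../etc/x] <nil>
	fmt.Println(rejected(sampleZip(), "/tmp/out", pageCheck)) // [../etc/x ../out-evil/x] <nil>
}
```

The sibling directory `/tmp/out-evil` shares the string prefix `/tmp/out`, so only the check that appends the separator rejects `../out-evil/x`.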