# Zip Slip Path Traversal

- ID: javascript-zip-slip
- Severity: HIGH
- CWE: Path Traversal (CWE-22)
- Languages: JavaScript, TypeScript
- Frameworks: nodejs, express, fastify, koa

## Description

Detects unsafe extraction of zip/tar archives without path validation, which can lead to arbitrary file writes via path traversal (Zip Slip).

Zip Slip is a form of path traversal attack in which a malicious archive contains entries with paths like "../../../etc/passwd" that escape the intended extraction directory and overwrite arbitrary files on the system.

Vulnerable patterns:

1. Extracting zip entries without validating the extracted path
2. Not checking whether the extracted path is inside the target directory
3. Trusting entry.fileName from the archive
4. Not normalizing/resolving paths before extraction

Impact:

- Arbitrary file overwrite (RCE if overwriting .bashrc, cron jobs, etc.)
- Configuration tampering
- Code injection (overwriting source files)
- Data exfiltration (overwriting log files)

## Detection Message

Unsafe archive extraction detected. Archive entry path from {source} is used in {sink} without validation, allowing path traversal attacks (Zip Slip). An attacker can include malicious entries like "../../../etc/passwd" to overwrite arbitrary files on the system.
## Remediation

Validate that each extracted path resolves to a location inside the target directory before writing it:

```javascript
const path = require('path');

// Returns true only if targetPath, resolved against baseDir, stays inside baseDir.
// Appending path.sep stops a sibling directory with a shared prefix
// (e.g. /tmp/out-evil when baseDir is /tmp/out) from passing the check.
function isPathSafe(baseDir, targetPath) {
  const resolvedBase = path.resolve(baseDir);
  const resolvedTarget = path.resolve(baseDir, targetPath);
  return resolvedTarget.startsWith(resolvedBase + path.sep);
}

// `zip` is an opened archive and `targetDir` the extraction root; the
// getEntries()/extractEntryTo() calls follow the adm-zip API.
for (const entry of zip.getEntries()) {
  if (!isPathSafe(targetDir, entry.entryName)) {
    throw new Error('Path traversal attempt');
  }
  zip.extractEntryTo(entry, targetDir, false, true);
}
```

Learn more: https://shoulder.dev/learn/javascript/cwe-22/zip-slip

## Related Rules

- **Path Traversal via File Operations** [HIGH]
- **Zip Slip / Path Traversal in Archive** [HIGH]
- **Path Traversal in File Operations** [CRITICAL]
- **Path Traversal / Directory Traversal** [HIGH]
- **Zip Slip / Archive Path Traversal** [HIGH]