C#

Made by DeepSource

Audit required: Path used in archive extraction may be unsanitized CS-A1014

Security
Major
Tags: A03, A01, CWE-20, CWE-22, SANS Top 25, OWASP Top 10, CWE-99, CWE-641

The ExtractToFile() method (the ZipArchiveEntry extension that writes one archive entry to disk) takes a parameter naming the destination path to which the entry is extracted. That parameter may be unsanitized, especially when it is assembled by hand from several pieces. If any of those pieces comes from user input or from the archive itself (an entry name can contain "../" segments or an absolute path), the extraction may write to a location outside the directory you control. It is therefore recommended that you verify, after normalizing the path, that the destination is exactly the one you intend before calling ExtractToFile().

Bad Practice

var destination = directory + folder;
archive.ExtractToFile(destination);

Recommended

// Normalize both paths first: a plain StartsWith() on the raw concatenation
// is still bypassed by "../" segments, and a root without a trailing
// separator also accepts sibling directories such as "safe_other".
var destination = Path.GetFullPath(Path.Combine(directory, folder));
var root = Path.GetFullPath(safeDestination).TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
if (destination.StartsWith(root, StringComparison.Ordinal))
{
    archive.ExtractToFile(destination);
}
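As an added example (not DeepSource's own code and not part of the rule page), the following program extracts a whole ZipArchive into one directory while applying the destination check described above to every entry. It normalizes the destination root and each resolved entry path with Path.GetFullPath before the prefix comparison, validates all entries before writing anything, and builds a small in-memory sample archive, constructed here for illustration, containing one benign entry and one entry whose name climbs out of the destination with "../". The class name SafeZipExtractor and its method names are this example's own.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.IO.Compression;

// Added example, not DeepSource's own code: extract every entry of a
// ZipArchive into one directory, rejecting the whole archive if any entry's
// normalised destination would land outside that directory.
public static class SafeZipExtractor
{
    // Returns the normalised destination root, always with a trailing separator.
    public static string NormaliseRoot(string destinationDirectory)
    {
        string root = Path.GetFullPath(destinationDirectory);
        // The trailing separator keeps "C:\safe" from matching "C:\safe_other\x".
        if (!root.EndsWith(Path.DirectorySeparatorChar))
            root += Path.DirectorySeparatorChar;
        return root;
    }

    // Resolves an entry name against the root and returns the full path, or
    // throws if the resolved path escapes the root ("../" segments, absolute names).
    public static string ResolveEntryPath(string root, string entryName)
    {
        // Path.Combine returns a rooted second argument unchanged, and
        // Path.GetFullPath collapses "." and ".." segments, so both cases
        // are caught by the single prefix check below.
        string target = Path.GetFullPath(Path.Combine(root, entryName));
        if (!target.StartsWith(root, StringComparison.Ordinal))
            throw new InvalidDataException(
                $"Entry '{entryName}' resolves to '{target}', outside '{root}'.");
        return target;
    }

    // Returns the number of file entries written.
    public static int ExtractToDirectory(ZipArchive archive, string destinationDirectory)
    {
        string root = NormaliseRoot(destinationDirectory);

        // Validate every entry before writing anything, so a hostile entry
        // late in the listing cannot leave a half-extracted archive behind.
        var plan = new List<(ZipArchiveEntry Entry, string Target)>();
        foreach (ZipArchiveEntry entry in archive.Entries)
            plan.Add((entry, ResolveEntryPath(root, entry.FullName)));

        int written = 0;
        foreach (var (entry, target) in plan)
        {
            if (entry.Name.Length == 0)
            {
                Directory.CreateDirectory(target); // directory entry such as "docs/"
                continue;
            }
            Directory.CreateDirectory(Path.GetDirectoryName(target)!);
            entry.ExtractToFile(target, overwrite: false);
            written++;
        }
        return written;
    }

    public static void Main()
    {
        // Constructed sample archive: one benign entry and one whose name
        // climbs out of the destination with "../".
        using var buffer = new MemoryStream();
        using (var zip = new ZipArchive(buffer, ZipArchiveMode.Create, leaveOpen: true))
        {
            using (var w = new StreamWriter(zip.CreateEntry("docs/readme.txt").Open()))
                w.Write("hello");
            using (var w = new StreamWriter(zip.CreateEntry("../escape.txt").Open()))
                w.Write("must never be written");
        }
        buffer.Position = 0;

        string dest = Path.Combine(Path.GetTempPath(), "safe-extract-" + Guid.NewGuid().ToString("N"));
        using var archive = new ZipArchive(buffer, ZipArchiveMode.Read);
        try
        {
            Console.WriteLine($"Extracted {ExtractToDirectory(archive, dest)} entries");
        }
        catch (InvalidDataException ex)
        {
            // Expected for the sample archive: the "../escape.txt" entry is rejected
            // and nothing is written, because validation runs before extraction.
            Console.WriteLine("Rejected archive: " + ex.Message);
        }
    }
}
```

The ordinal comparison is deliberate: a culture-aware StartsWith can treat some character sequences as equal, and a case-insensitive comparison is only appropriate on file systems that are themselves case-insensitive. Validating the complete entry list before the first write is what turns a per-entry check into an all-or-nothing decision for the archive.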
