From 8f4d92d70edda7cf16013ea0dc0a22d9f3efe7a4 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Thu, 9 Nov 2023 09:19:09 +0100
Subject: [PATCH] chore(internal/utils): moved gzip header containing ".." check above.

Signed-off-by: Federico Di Pierro
---
 internal/utils/extract.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/internal/utils/extract.go b/internal/utils/extract.go
index 762fe48d6..92e314211 100644
--- a/internal/utils/extract.go
+++ b/internal/utils/extract.go
@@ -49,6 +49,10 @@ func ExtractTarGz(gzipStream io.Reader, destDir string, stripPathComponents int)
 return nil, err
 }
 
+ if strings.Contains(header.Name, "..") {
+ return nil, fmt.Errorf("not allowed relative path in tar archive")
+ }
+
 strippedName := stripComponents(header.Name, stripPathComponents)
 
 switch header.Typeflag {
@@ -59,10 +63,6 @@ func ExtractTarGz(gzipStream io.Reader, destDir string, stripPathComponents int)
 }
 files = append(files, d)
 case tar.TypeReg:
- if strings.Contains(header.Name, "..") {
- return nil, fmt.Errorf("not allowed relative path in tar archive")
- }
-
 f := filepath.Join(destDir, strippedName)
 outFile, err := os.Create(filepath.Clean(f))
 if err != nil {
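Review bot: The guard added ahead of `stripComponents` in the first hunk is still a substring match on `header.Name`, so it also rejects harmless entries such as `rules..bak/file.yaml`, and it never checks where the joined path actually lands. A containment test is more precise: if the module targets Go 1.20 or later, `if !filepath.IsLocal(header.Name) { return nil, fmt.Errorf("tar entry %q is not a local path", header.Name) }`; otherwise compare `filepath.Rel(destDir, f)` against a `..` prefix after the `filepath.Join`. Quoting the entry name with `%q` in the error would also make a rejected archive easier to triage. ExtractTarGz continues outside both hunks; if later `case` arms handle link typeflags, `header.Linkname` presumably needs the same validation, which is worth confirming along with a regression test for a `tar.TypeDir` entry containing `..`.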