From 20bc95dc84eab50841a280ad5048a0f9a56d2a70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BD=90=E4=BC=AF=E6=A5=BD?=
Date: Fri, 21 May 2021 11:09:52 +0800
Subject: [PATCH] update
---
 src/assets.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/assets.js b/src/assets.js
index 734ac3a..05136ec 100644
--- a/src/assets.js
+++ b/src/assets.js
@@ -107,7 +107,7 @@ async function add(filepath) {
 }
 // Filter the files that not extract to the base path to avoid Zip Slip loophole.
 // Thanks to Kirill from Snyk Secrity for discovered the issue and help me out on fixing.
- if (path.resolve(basepath, filename).indexOf(basepath) === -1) {
+ if (filename.indexOf("../") !== -1 || path.resolve(basepath, filename).indexOf(basepath) === -1) {
 continue;
 }
 await fs.writeFile(share.uri(path.resolve(basepath, filename)), await zip.file(filename).async("nodebuffer"));
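Review bot: The containment test on the changed `if` is still a substring match: `path.resolve(basepath, filename).indexOf(basepath) === -1` accepts any resolved path that merely contains `basepath`, for example a sibling directory whose name begins with the same characters. The added `filename.indexOf("../")` guard only looks at forward-slash segments, so it does not cover backslash-separated entry names on Windows, and it also skips harmless names such as `foo../bar`. A stricter form checks the relative path instead: `const rel = path.relative(basepath, path.resolve(basepath, filename));` followed by `if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) continue;`. `basepath` is defined outside this hunk, so this assumes it is already absolute and normalized; the body of `add` also continues past the hunk.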