From d76479749d9a1c841867d952b062f937755cc882 Mon Sep 17 00:00:00 2001
From: fernandofatech
Date: Fri, 15 May 2026 23:41:43 -0300
Subject: [PATCH] fix: document zip slip sanitization for CodeQL
---
 internal/cache/cache.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/internal/cache/cache.go b/internal/cache/cache.go
index b290819..b9864d1 100644
--- a/internal/cache/cache.go
+++ b/internal/cache/cache.go
@@ -263,6 +263,7 @@ func ExtractZipFile(filePath string) (string, error) {
 return "", fmt.Errorf("zip entry escapes cache directory: %s", f.Name)
 }
+ // codeql[go/zipslip] cleanName rejects absolute and parent-directory entries before this write.
 if err := writeFile(outputFilename, f); err != nil {
 return "", fmt.Errorf("cannot write file(%s): %v", f.Name, err)
 }
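Review bot: The added `// codeql[go/zipslip]` comment above `writeFile(outputFilename, f)` silences the alert on a claim about `cleanName` that this hunk does not let a reader verify. Only the "zip entry escapes cache directory" error return is visible, and the rest of ExtractZipFile lies outside the hunk. The comment should name the guard that enforces the invariant and the test that pins it, for example `// codeql[go/zipslip] outputFilename is checked above to stay inside the cache directory (cleanName + containment check); see <test name placeholder>.`, with that test feeding parent-directory and absolute entry names. If the containment check can be expressed as a prefix comparison of the cleaned `outputFilename` against the cache directory right before the write, the analyzer may recognise it as a sanitizer, which would make the suppression unnecessary. The comment is also silent on symlink entries: if `writeFile` can create or follow links, name cleaning alone would not confine the write, so that is worth confirming before relying on this suppression.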