Inspectopedia 2025.2 Help

RoslynAnalyzers Do Not Add Archive Item's Path To The Target File System Path

When extracting files from an archive and using the archive item's path, check if the path is safe. Archive path can be relative and can lead to file system access outside of the expected file system target path, leading to malicious config changes and remote code execution via lay-and-wait technique.

Locating this inspection

By ID

Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.

CA5389
Via Settings dialog

Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.

Settings or Preferences | Editor | Inspections | C# | Roslyn Analyzers

Suppressing Inspection

You can suppress this inspection by placing the following comment marker before the code fragment where you no longer want messages from this inspection to appear:

//noinspection CA5389

More detailed instructions as well as other ways and options that you have can be found in the product documentation:

Inspection Details

By default bundled with:

JetBrains Rider 2025.2, Qodana for .NET 2025.2,

Last modified: 18 September 2025
RoslynAnalyzers Dispose objects before losing scopeRoslynAnalyzers Do Not Add Certificates To Root Store