When dealing with unzip, it may also be worth looking at the zip-slip vulnerability.
It writes data to files, it may be used to do privileged writes or write files outside a restricted file system.
Can be used to change the location the file is unzipped. In this example, the files are unzipped to /root/.
unzip -d /root/ archive.zip -d /tmp/It reads data from files, it may be used to do privileged reads or disclose files outside a restricted file system.
Can be used to read locate archives. The contents of the files and the filenames are shown.
unzip -c archive.zipCan be used to read locate archives. The contents of the files are shown.
unzip -p archive.zip