Cynosphere/bcv-vf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Mitigate Zip Slip exlpoit

Browse source
This commit is contained in:
Nico Mexis 2022-01-07 21:37:24 +01:00
parent 5624f3f010
commit c968e94b2c
No known key found for this signature in database
GPG key ID: 27D6E17CE092AB78
1 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/main/java/the/bytecode/club/bytecodeviewer/util/ZipUtils.java
View file

@ -35,6 +35,7 @@ import java.util.zip.ZipOutputStream;
*/
public final class ZipUtils {
// TODO: Maybe migrate to org.apache.commons.compress.archivers.examples.Expander?
/**
* Unzip files to path.
*
@ -67,6 +68,11 @@ public final class ZipUtils {
String fileName = destinationDir + File.separator + entry.getName();
File f = new File(fileName);
if (!f.getCanonicalPath().startsWith(destinationDir)) {
System.out.println("Zip Slip exploit detected. Skipping entry " + entry.getName());
continue;
}
File parent = f.getParentFile();
if (!parent.exists()) {
parent.mkdirs();