
Commit 2b42519

ZipUtil.java - check for path traversal attack
1 parent 09315b9 commit 2b42519


1 file changed

+1
-0
lines changed


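--- a/modules/common/app/utils/common/ZipUtil.java
+++ b/modules/common/app/utils/common/ZipUtil.java
@@ -34,6 +34,7 @@ public class ZipUtil {
 * zip's content in there. The method can handle recursive unzipping of sub-directories.
 */
 public static File unzip(File fileToUnzip, File destDir) throws IOException {
+destDir = destDir.toPath().normalize().toFile(); // normalize to prevent path traversal attacks
 FileUtils.deleteQuietly(destDir);
 IOUtils.createDir(destDir);
 destDir.deleteOnExit();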
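Review bot: Normalizing `destDir` on the added line does not by itself stop a traversal carried in the archive's entry names, which is the usual zip-slip case; the check has to compare each resolved entry path against the destination. The rest of `unzip` is outside this hunk, so this may already be handled there, but if it is not, the extraction loop needs something like `Path target = destDir.toPath().resolve(entryName).normalize();` followed by `if (!target.startsWith(destDir.toPath())) throw new IOException("Zip entry outside destination: " + entryName);` (`entryName` is a placeholder for whatever the loop uses). Note also that `normalize()` is purely lexical: it does not resolve symlinks, it keeps leading `..` segments of a relative path, and it does not confine `destDir` to any base directory, so `FileUtils.deleteQuietly(destDir)` on the next line still deletes whatever location the caller passed. The inline comment would be more accurate as `// normalize so later startsWith() containment checks compare canonical forms`.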
