ZipUtil.java - check for path traversal attack
kristian-lange committed Apr 23, 2022
1 parent 09315b9 commit 2b42519
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions modules/common/app/utils/common/ZipUtil.java
Expand Up @@ -34,6 +34,7 @@ public class ZipUtil {
* zip's content in there. The method can handle recursive unzipping of sub-directories.
*/
public static File unzip(File fileToUnzip, File destDir) throws IOException {
destDir = destDir.toPath().normalize().toFile(); // normalize to prevent path traversal attacks
FileUtils.deleteQuietly(destDir);
IOUtils.createDir(destDir);
destDir.deleteOnExit();
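Review bot: the added `destDir.toPath().normalize().toFile()` at the top of `unzip` does not by itself stop traversal, and the comment on that line overstates what it does. `Path.normalize()` is purely lexical: it collapses `.` and `name/..` segments but keeps leading `..` segments and does not resolve symlinks, so a `destDir` that points outside the intended area still does after this line, and the very next call, `FileUtils.deleteQuietly(destDir)`, deletes it. If `destDir` can be influenced by a caller, compare it against a fixed base directory after normalizing and reject it otherwise, for example `if (!destDir.toPath().startsWith(baseDir)) throw new IOException(...)`, where `baseDir` is a hypothetical trusted root not shown here. The entry-extraction loop is outside the visible hunk; normalizing `destDir` only helps if each entry's target is also checked, e.g. `destDir.toPath().resolve(entry.getName()).normalize().startsWith(destDir.toPath())`, so please confirm that check exists further down or add it in this commit.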
