the Path Traversal vulnerability reported by Google
dmitriy committed May 25, 2022
1 parent 6974a7c commit 1bac15c
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions 1.x/src/rogatkin/web/WarRoller.java 100644 → 100755
Expand Up @@ -131,6 +131,8 @@ public boolean deployWar(File warFile, File deployTarDir) {
String en = ze.getName();
if (File.separatorChar == '/')
en = en.replace('\\', File.separatorChar);
if (en.contains("../") || en.contains("/.."))
throw new IOException("The file name " + en + " contains .. which can lead to a Path Traversal vulnerability");
File outFile = new File(deployDir, en);
if (ze.isDirectory()) {
outFile.mkdirs();
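Review bot: The test `en.contains("../") || en.contains("/..")` only matches forward-slash forms, and the backslash normalization just above it runs only when `File.separatorChar == '/'`, so on a platform whose separator is `\` an entry name written with `..\` is not rejected by this check. The substring match is also over-broad: a harmless name such as `lib/..hidden` contains `/..` and would abort the deployment. Suggest validating the resolved location instead of the name: after `File outFile = new File(deployDir, en);` compare `outFile.getCanonicalPath()` against `deployDir.getCanonicalPath() + File.separator` and throw the `IOException` unless the former starts with the latter. That handles both separators and any other spelling of a parent reference without string matching on the entry name.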