
Merge pull request #121 from shana/bugs/relative-paths

Sanitize zip entry paths before extracting
shana committed May 7, 2018
2 parents 1b8aded + ff2922d commit 55d2c13c0cc64654e18fcdd0038fdb3d7458e366
@@ -2581,6 +2581,30 @@ public void Extract_AndroidApp()
}


[TestMethod]
public void Extract_ZipWithRelativePathsOutside()
{
_Extract_ZipFile("relative-paths-outside.zip");
Assert.IsTrue(File.Exists(@"extract\good.txt"));
Assert.IsTrue(File.Exists(@"extract\Temp\evil.txt"));
}

[TestMethod]
public void Extract_ZipWithRelativePathsInSubdir()
{
_Extract_ZipFile("relative-paths-in-subdir.zip");
Assert.IsTrue(File.Exists(@"extract\good.txt"));
Assert.IsTrue(File.Exists(@"extract\Temp\evil.txt"));
}

[TestMethod]
public void Extract_ZipWithRelativePathsInSubdirOutside()
{
_Extract_ZipFile("relative-paths-in-subdir-outside.zip");
Assert.IsTrue(File.Exists(@"extract\good.txt"));
Assert.IsTrue(File.Exists(@"extract\Temp\evil.txt"));
}

private void _Extract_ZipFile(string fileName)
{
TestContext.WriteLine("Current Dir: {0}", CurrentDir);
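Review bot: The three new tests only assert that `evil.txt` ended up inside `extract\Temp`; none asserts that the traversal target outside `extract` stayed empty, so a regression that wrote the file in both places, or a stale copy left by an earlier run, would still pass. Add a negative check to each test, e.g. `Assert.IsFalse(File.Exists(@"..\Temp\evil.txt"));`, with the relative depth adjusted to the run of `..` segments in each fixture (the hunk does not show the entry names). Since the three bodies differ only in the fixture name, a single helper that takes the zip name and runs both assertions would keep them in step. `_Extract_ZipFile` at the end of the hunk continues outside it.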
@@ -159,6 +159,15 @@
<Content Include="zips\wizzquiz.zip">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="zips\relative-paths-in-subdir.zip">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="zips\relative-paths-outside.zip">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="zips\relative-paths-in-subdir-outside.zip">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
</ItemGroup>
<ItemGroup>
<Content Include="zips\winzip-sfx.exe">
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -157,6 +157,46 @@ public static string NormalizePathForUseInZipFile(string pathName)
return SimplifyFwdSlashPath(pathName);
}

/// <summary>
/// Sanitize paths in zip files. This means making sure that relative paths in a zip file don't go outside
/// the top directory. Entries like something/../../../../Temp/evil.txt get sanitized to Temp/evil.txt
/// when extracting
/// </summary>
/// <param name="path">A path with forward slashes as directory separator</param>
/// <returns>sanitized path</returns>
public static string SanitizePath(string path)
{
System.Collections.Generic.List<string> dirs = new System.Collections.Generic.List<string>();
int level = 0;
foreach (string dir in path.Split('/'))
{
if (dir == "..")
{
if (level == 0)
continue;
level--;
}
else
{
if (dirs.Count - 1 < level)
dirs.Add(dir);
else
dirs[level] = dir;
level++;
}
}

path = "";
for (int i = 0; i < level; i++)
{
if (i > 0)
path += "/";
path += dirs[i];
}

return path;
}


//static System.Text.Encoding ibm437 = System.Text.Encoding.GetEncoding("IBM437");
static System.Text.Encoding utf8 = System.Text.Encoding.GetEncoding("UTF-8");
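Review bot: `SanitizePath` splits only on `/`, so a segment such as `..\..\evil.txt` passes through as an ordinary file name, and the extraction caller then hands it to `Path.Combine`, which on Windows treats `\` as a separator; the `<summary>` declares forward slashes as a precondition, but whether every caller has already normalized backslashes is not visible here. A one-line guard at the top, `path = path.Replace('\\', '/');`, makes the sanitizer safe regardless of the caller. Empty and `.` segments are kept as they are (a leading empty segment re-emits a leading `/`, and `./a//b` comes back unchanged), which is worth stating in the `<summary>` so callers do not assume the result is fully normalized. Style: the rebuild loop at the end can be `return string.Join("/", dirs.GetRange(0, level).ToArray());`, which also works on the .NET CF 2.0 target the file mentions.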
@@ -1422,6 +1422,8 @@ bool IsDoneWithOutputToBaseDir(string baseDir, out string outFileName)
if (f.StartsWith("/"))
f = f.Substring(1);

f = SharedUtilities.SanitizePath(f);

// String.Contains is not available on .NET CF 2.0
outFileName = _container.ZipFile.FlattenFoldersOnExtract
? Path.Combine(baseDir, f.IndexOf('/') != -1 ? Path.GetFileName(f) : f)
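Review bot: Sanitizing `f` here removes `..` segments but leaves a rooted entry name intact, and `Path.Combine(baseDir, f)` on the next lines returns `f` unchanged when `f` is rooted, so such an entry is still written outside `baseDir`; the single-character `StartsWith("/")` strip above only covers one leading separator and not a drive-letter or doubled-separator form. Guard it right after the sanitize call with `if (Path.IsPathRooted(f))` and reject the entry with whichever exception this file already uses for bad entry names, or strip the root before combining. `IsDoneWithOutputToBaseDir` starts and ends outside the hunk, so whether `f` has been normalized to forward slashes before this point cannot be confirmed here.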
