Skip to content

Commit

Permalink
[#514] third try to fix security alert
Browse files Browse the repository at this point in the history
  • Loading branch information
@laurentschoelens @mattrpav
laurentschoelens authored and mattrpav committed Apr 9, 2024
1 parent bf172b9 commit da513ff
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions maven-plugin/plugin-core/src/main/java/org/jvnet/jaxb/maven/util/JarScanner.java
View file
Expand Up @@ -54,8 +54,8 @@ public void scan() {
while (jarFileEntries.hasMoreElements()) {
JarEntry entry = jarFileEntries.nextElement();
String name = entry.getName();
File file = new File(destinationDir, entry.getName());
if (!file.toPath().normalize().startsWith(destinationDir.toPath())) {
File file = new File(destinationDir, name);
if ((name != null && name.startsWith("..")) || !file.toPath().normalize().startsWith(destinationDir.toPath())) {
throw new IOException("Bad zip entry for " + entry.getName());
}
char[][] tokenizedName = tokenizePathToCharArray(name, File.separator);
Expand Down

0 comments on commit da513ff

Please sign in to comment.