@@ -35,6 +35,7 @@
*/
public final class ZipUtils {
// TODO: Maybe migrate to org.apache.commons.compress.archivers.examples.Expander?
/**
* Unzip files to path.
*
@@ -67,6 +68,11 @@ public static void unzipFilesToPath(String jarPath, String destinationDir) throw
String fileName = destinationDir + File .separator + entry .getName ();
File f = new File (fileName );
if (!f .getCanonicalPath ().startsWith (destinationDir )) {
System .out .println ("Zip Slip exploit detected. Skipping entry " + entry .getName ());
continue ;
}
File parent = f .getParentFile ();
if (!parent .exists ()) {
parent .mkdirs ();
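Review bot: The new containment check `f.getCanonicalPath().startsWith(destinationDir)` compares a canonical path against the raw `destinationDir` string, so it is only a textual prefix test. A path that resolves into a sibling directory sharing that prefix (destination `out`, resolved path under `out-old`) still passes, and a relative or symlinked `destinationDir` never matches its own canonical form, so every entry would be skipped. Canonicalise the destination once before the loop and compare with a trailing separator: `String destRoot = new File(destinationDir).getCanonicalPath() + File.separator;` then `if (!f.getCanonicalPath().startsWith(destRoot)) {`. Rejected entries are only printed with `System.out.println`; routing them through the project's logger at warning level would make a malicious archive visible to whoever monitors extraction. The body of unzipFilesToPath starts and ends outside this hunk, so the loop header and the later write are not visible here.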
@@ -106,15 +112,15 @@ public static void zipFile(File inputFile, File outputZip) {
public static void zipFolder (String srcFolder , String destZipFile , String ignore ) throws Exception {
try (FileOutputStream fileWriter = new FileOutputStream (destZipFile );
ZipOutputStream zip = new ZipOutputStream (fileWriter )){
ZipOutputStream zip = new ZipOutputStream (fileWriter )) {
addFolderToZip ("" , srcFolder , zip , ignore );
zip .flush ();
}
}
public static void zipFolderAPKTool (String srcFolder , String destZipFile ) throws Exception {
try (FileOutputStream fileWriter = new FileOutputStream (destZipFile );
ZipOutputStream zip = new ZipOutputStream (fileWriter )){
ZipOutputStream zip = new ZipOutputStream (fileWriter )) {
addFolderToZipAPKTool ("" , srcFolder , zip );
zip .flush ();
}
@@ -199,4 +205,4 @@ public static void addFolderToZipAPKTool(String path, String srcFolder, ZipOutpu
}
}
}
}
}