Replaces ZipInputStream with ZipFile to fix ZipSlip vulnerability
More details about the vulnerability can be found on https://github.com/snyk/zip-slip-vulnerability

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
DarshitChanpura committed Apr 18, 2023
1 parent c1026e3 commit f76bc76
Showing 1 changed file with 7 additions and 5 deletions.
Expand Up @@ -89,6 +89,7 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
Expand All @@ -100,7 +101,7 @@
import java.util.TreeSet;
import java.util.stream.Collectors;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipFile;

import static org.opensearch.cli.Terminal.Verbosity.VERBOSE;

Expand Down Expand Up @@ -716,10 +717,12 @@ private Path unzip(Path zip, Path pluginsDir) throws IOException, UserException
final Path target = stagingDirectory(pluginsDir);
pathsToDeleteOnShutdown.add(target);

try (ZipInputStream zipInput = new ZipInputStream(Files.newInputStream(zip))) {
try (ZipFile zipFile = new ZipFile(zip.toString())) {
final Enumeration<? extends ZipEntry> entries = zipFile.entries();
ZipEntry entry;
byte[] buffer = new byte[8192];
while ((entry = zipInput.getNextEntry()) != null) {
while (entries.hasMoreElements()) {
entry = entries.nextElement();
if (entry.getName().startsWith("opensearch/")) {
throw new UserException(
PLUGIN_MALFORMED,
Expand Down Expand Up @@ -749,12 +752,11 @@ private Path unzip(Path zip, Path pluginsDir) throws IOException, UserException
if (entry.isDirectory() == false) {
try (OutputStream out = Files.newOutputStream(targetFile)) {
int len;
while ((len = zipInput.read(buffer)) >= 0) {
while ((len = zipFile.getInputStream(entry).read(buffer)) >= 0) {
out.write(buffer, 0, len);
}
}
}
zipInput.closeEntry();
}
} catch (UserException e) {
IOUtils.rm(target);
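Review bot: The rewritten read loop, `while ((len = zipFile.getInputStream(entry).read(buffer)) >= 0)`, calls `getInputStream(entry)` on every iteration, so each pass opens a fresh stream positioned at the start of the entry; for any non-empty entry the first chunk is read again and again, `-1` never arrives, extraction loops indefinitely while appending the same bytes to `targetFile`, and none of the intermediate streams is closed. Open the entry stream once, next to the output stream, and read from that handle: `try (InputStream in = zipFile.getInputStream(entry); OutputStream out = Files.newOutputStream(targetFile)) {` with `while ((len = in.read(buffer)) >= 0) {` (this needs `java.io.InputStream` in scope; the file's java.io imports are not visible in this section). Separately, moving from ZipInputStream to ZipFile does not by itself stop an entry name from resolving outside the staging directory, and the `targetFile` containment check this commit's description relies on sits between the two hunks and is not shown here, so it should be confirmed to still run before this write. The body of unzip starts and ends outside the hunks.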
