
Remove unnecessary check for the `..`

The check for `startsWith(workDirectory)` in the target file
canonical path is fully enough
artembilan committed May 4, 2018
1 parent e7964f7 commit 8d1752cb98f40abe521cc35884efe68c577b64eb
@@ -136,8 +136,7 @@ public void process(InputStream zipEntryInputStream, ZipEntry zipEntry) throws I
/* If we see the relative traversal string of ".." we need to make sure
* that the outputdir + name doesn't leave the outputdir.
*/
if (zipEntryName.contains("..") &&
!destinationFile.getCanonicalPath().startsWith(workDirectory.getCanonicalPath())) {
if (!destinationFile.getCanonicalPath().startsWith(workDirectory.getCanonicalPath())) {
throw new ZipException("The file " + zipEntryName +
" is trying to leave the target output directory of " + workDirectory);
}
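Review bot: The `startsWith` comparison in the new `if (!destinationFile.getCanonicalPath().startsWith(workDirectory.getCanonicalPath()))` line is a plain string-prefix match, and with the `zipEntryName.contains("..")` guard removed it is now the only containment check. A canonical path in a sibling directory whose name merely begins with the work directory's name still passes it (for example, a work directory of `/tmp/out` is also a prefix of `/tmp/out-other/file`). Suggest comparing against `workDirectory.getCanonicalPath() + File.separator`, or converting both sides to `java.nio.file.Path` and using `Path.startsWith`, which matches whole path elements. The block comment above the check still describes the `..` special case and should be updated to say that every entry is checked.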
