Revert "vuln-fix: Zip Slip Vulnerability"

This reverts commit 627bbc9.
zeroturnaround · Sep 11, 2022 · bdf14f6 · bdf14f6
1 parent 6949358
commit bdf14f6
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 6 deletions.
diff --git a/src/main/java/org/zeroturnaround/zip/ZipUtil.java b/src/main/java/org/zeroturnaround/zip/ZipUtil.java
@@ -1140,7 +1140,7 @@ private static File checkDestinationFileForTraversal(File outputDir, String name
      * that the outputdir + name doesn't leave the outputdir. See
      * DirectoryTraversalMaliciousTest for details.
      */
-    if (name.indexOf("..") != -1 && !destFile.getCanonicalFile().toPath().startsWith(outputDir.getCanonicalFile().toPath())) {
+    if (name.indexOf("..") != -1 && !destFile.getCanonicalPath().startsWith(outputDir.getCanonicalPath())) {
       throw new MaliciousZipException(outputDir, name);
     }
     return destFile;

diff --git a/src/test/java/example/UnpackExample.java b/src/test/java/example/UnpackExample.java
@@ -26,11 +26,7 @@ public static void usual() throws IOException {
         OutputStream out = null; 
         try {
           in = zf.getInputStream(e);
-          final File zipEntryFile = new File("demo", e.getName());
-          if (!zipEntryFile.toPath().normalize().startsWith("demo")) {
-            throw new IOException("Bad zip entry");
-          }
-          out = new FileOutputStream(zipEntryFile);
+          out = new FileOutputStream(new File("demo", e.getName()));
           IOUtils.copy(in, out);
         }
         finally {