Fix zip slip vulnerability. Closes #1840.
parent
de86a162fa
commit
e243e73e40
@ -440,7 +440,11 @@ public class ImportingUtilities {
|
||||
name = name.substring(0, q);
|
||||
}
|
||||
|
||||
File file = new File(dir, name);
|
||||
File file = new File(dir, name);
|
||||
// For CVE-2018-19859, issue #1840
|
||||
if (!file.toPath().normalize().startsWith(dir.toPath().normalize())) {
|
||||
throw new IllegalArgumentException("Zip archives with files escaping their root directory are not allowed.");
|
||||
}
|
||||
|
||||
int dot = name.indexOf('.');
|
||||
String prefix = dot < 0 ? name : name.substring(0, dot);
|
||||
|
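Review bot: The containment check on the `if` line normalizes both paths but never absolutizes them, so the result depends on how `dir` was constructed: with a relative `dir` such as `.`, `normalize()` yields an empty path and `startsWith` then fails even for a harmless entry name, while a relative `dir` with leading `..` components compares on a different base than the file it protects. If `dir` is always absolute at this call site this does not bite, but `if (!file.toPath().toAbsolutePath().normalize().startsWith(dir.toPath().toAbsolutePath().normalize()))` removes the dependence at no cost. Note also that `normalize()` does not resolve symbolic links, so a `dir` that is itself a symlink is compared by its unresolved name — presumably acceptable here, but worth a one-line comment above the check. The thrown message does not say which entry was rejected, which makes triaging a rejected archive harder; `throw new IllegalArgumentException("Zip entry '" + name + "' would escape the extraction directory " + dir);` keeps the same exception type for callers. The enclosing allocateFile method starts and ends outside this hunk.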
@ -36,6 +36,12 @@ public class ImportingUtilitiesTests extends ImporterTest {
|
||||
Assert.assertTrue(pm.getTags().length == 0);
|
||||
}
|
||||
|
||||
@Test(expectedExceptions=IllegalArgumentException.class)
|
||||
public void testZipSlip() {
|
||||
// For CVE-2018-19859, issue #1840
|
||||
ImportingUtilities.allocateFile(workspaceDir, "../../script.sh");
|
||||
}
|
||||
|
||||
private ObjectNode getNestedOptions(ImportingJob job, TreeImportingParserBase parser) {
|
||||
ObjectNode options = parser.createParserUIInitializationData(
|
||||
job, new LinkedList<>(), "text/json");
|
||||
|
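Review bot: testZipSlip pins only a leading `../` traversal, so the new check is not exercised for a traversal hidden behind a benign component, and nothing guards that an ordinary nested entry is still accepted — an over-strict future change to the check would pass this test unnoticed. Adding a nested-traversal case and a positive case closes both gaps; the positive case relies only on allocateFile not throwing, since its return type is not visible in this hunk. The existing test already calls allocateFile against workspaceDir, so the same fixture presumably serves both.
```java
@Test(expectedExceptions=IllegalArgumentException.class)
public void testZipSlipNestedTraversal() {
    // CVE-2018-19859: traversal behind a benign leading component must also be rejected
    ImportingUtilities.allocateFile(workspaceDir, "data/../../script.sh");
}

@Test
public void testAllocateFileAcceptsNestedName() {
    // regression guard: an ordinary nested entry name must still be accepted
    ImportingUtilities.allocateFile(workspaceDir, "data/file.csv");
}
```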