Changeset 17964 in josm for trunk/src/org

Timestamp:

2021-07-08T21:40:58+02:00 (3 years ago)

Author:

Don-vip

Message:

see #20257 - CodeQL - java/zipslip - Checks for Zip Slip Vulnerability (CWE-22 / path traversal)

File:

• trunk/src/org/openstreetmap/josm/gui/io/DownloadFileTask.java (modified) (3 diffs)

trunk/src/org/openstreetmap/josm/gui/io/DownloadFileTask.java

@@ -14 +14 @@
 import java.nio.file.Files;
 import java.nio.file.InvalidPathException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.nio.file.StandardCopyOption;
 import java.util.Enumeration;
@@ -181 +183 @@
      */
     public static void unzipFileRecursively(File file, String dir) throws IOException {
+        Path dirPath = Paths.get(dir);
         try (ZipFile zf = new ZipFile(file, StandardCharsets.UTF_8)) {
             Enumeration<? extends ZipEntry> es = zf.entries();
@@ -186 +189 @@
                 ZipEntry ze = es.nextElement();
                 File newFile = new File(dir, ze.getName());
+                // Checks for Zip Slip Vulnerability (CWE-22 / path traversal)
+                if (!newFile.toPath().normalize().startsWith(dirPath)) {
+                    throw new IOException("Bad zip entry - Invalid or malicious file, potential CWE-22 attack");
+                }
                 if (ze.isDirectory()) {
                     Utils.mkDirs(newFile);