import java.io.*;
import java.nio.file.*;
import java.util.zip.*;
import java.util.*;
public class ZipTest {
    // Test fixture for the ZipSlip (archive path traversal) query. Every method builds
    // a filesystem path from an untrusted ZipEntry name and either passes it to a
    // file-write sink unchecked (expected finding, marked "// ZipSlip") or first
    // checks that the resolved path stays inside the destination directory, or only
    // reads (marked "// OK"). The trailing "// ZipSlip" / "// OK" comments are the
    // expected-result markers the test harness reads; they must stay as written.
    // None of the methods close the streams they open: the fixture exercises the
    // sinks and sanitisers, it is not extraction code to copy into a product.

    // BAD: the entry name is joined onto dir and handed to three write sinks with no
    // containment check, so an entry whose name climbs out of dir (e.g. one that
    // starts with "../", constructed example) would create or overwrite a file
    // outside the extraction directory. All three opens are expected findings.
    public void m1(ZipEntry entry, File dir) throws Exception {
        String name = entry.getName();
        File file = new File(dir, name);
        FileOutputStream os = new FileOutputStream(file); // ZipSlip
        RandomAccessFile raf = new RandomAccessFile(file, "rw"); // ZipSlip
        FileWriter fw = new FileWriter(file); // ZipSlip
    }

    // GOOD: canonicalises the joined path (resolves ".." and symlinks on the
    // filesystem) and checks it against the canonical destination. Path.startsWith
    // compares whole name elements, so a sibling directory that merely shares a
    // string prefix with dir (a "dir2" next to "dir") is not accepted as inside.
    public void m2(ZipEntry entry, File dir) throws Exception {
        String name = entry.getName();
        File file = new File(dir, name);
        File canFile = file.getCanonicalFile();
        String canDir = dir.getCanonicalPath();
        if (!canFile.toPath().startsWith(canDir))
            throw new Exception();
        FileOutputStream os = new FileOutputStream(file); // OK
    }

    // GOOD: collapses "." and ".." lexically with normalize() and checks the result
    // still starts with dir. NOTE(review): this is a purely lexical check — symlinks
    // under dir are not resolved, and dir itself is compared unnormalised, so a dir
    // path that contains ".." elements would reject valid entries (fails closed).
    public void m3(ZipEntry entry, File dir) throws Exception {
        String name = entry.getName();
        File file = new File(dir, name);
        if (!file.toPath().normalize().startsWith(dir.toPath()))
            throw new Exception();
        FileOutputStream os = new FileOutputStream(file); // OK
    }

    // Sanitiser helper used by m4: canonicalises the candidate file and requires it to
    // lie under tgtdir. Unlike m2, tgtdir is not canonicalised here; presumably a
    // relative or symlinked tgtdir makes the comparison fail and the entry is
    // rejected rather than written — fine for the fixture, but worth knowing.
    // Throws a bare Exception when the file is outside tgtdir.
    private void validate(File tgtdir, File file) throws Exception {
        File canFile = file.getCanonicalFile();
        if (!canFile.toPath().startsWith(tgtdir.toPath()))
            throw new Exception();
    }

    // GOOD: the containment check lives in a separate method (validate), so the
    // query must follow the call to see that the write is guarded.
    public void m4(ZipEntry entry, File dir) throws Exception {
        String name = entry.getName();
        File file = new File(dir, name);
        validate(dir, file);
        FileOutputStream os = new FileOutputStream(file); // OK
    }

    // GOOD: makes both sides absolute and normalised before the element-wise
    // startsWith, so relative dir arguments and ".." in the entry name are handled
    // consistently. Still lexical: symlinks inside dir are not resolved.
    public void m5(ZipEntry entry, File dir) throws Exception {
        String name = entry.getName();
        File file = new File(dir, name);
        Path absfile = file.toPath().toAbsolutePath().normalize();
        Path absdir = dir.toPath().toAbsolutePath().normalize();
        if (!absfile.startsWith(absdir))
            throw new Exception();
        FileOutputStream os = new FileOutputStream(file); // OK
    }

    // GOOD: string comparison of canonical paths. Appending File.separator to the
    // destination prefix is what keeps a sibling such as "dir2" from matching "dir";
    // a side effect is that an entry resolving to the destination directory itself
    // is also rejected, because its canonical path has no trailing separator.
    public void m6(ZipEntry entry, Path dir) throws Exception {
        String canonicalDest = dir.toFile().getCanonicalPath();
        Path target = dir.resolve(entry.getName());
        String canonicalTarget = target.toFile().getCanonicalPath();
        if (!canonicalTarget.startsWith(canonicalDest + File.separator))
            throw new Exception();
        OutputStream os = Files.newOutputStream(target); // OK
    }

    // GOOD: the entry name is used only for a read-only operation, not for file
    // extraction, so it is not a ZipSlip sink.
    public void m7(ZipEntry entry) throws Exception {
        String name = entry.getName();
        // A ClassLoader resource lookup reads from the classpath; nothing is written.
        ClassLoader.getSystemResources(name); // OK - read-only resource lookup
    }

    // GOOD: the entry name reaches FileInputStream, a read-only sink, so it is not
    // reported by this query. NOTE(review): in real code an unchecked name here would
    // still read outside dir; that is a different finding than the one this fixture
    // targets.
    public void m8(ZipEntry entry, File dir) throws Exception {
        String name = entry.getName();
        File file = new File(dir, name);
        FileInputStream fis = new FileInputStream(file); // OK - read-only
    }

    // GOOD: the entry name is used only for a File.exists() check, which inspects
    // the filesystem without modifying it.
    public void m9(ZipEntry entry, File dir) throws Exception {
        String name = entry.getName();
        File file = new File(dir, name);
        boolean exists = file.exists(); // OK - read-only inspection
    }
}