
Commit d88a462

committed
fix: zip cross directory attack vulnerability ,ut
1 parent ce180aa commit d88a462

2 files changed

Lines changed: 942 additions & 13 deletions


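--- a/base/src/main/java/com/tinyengine/it/common/utils/Utils.java
+++ b/base/src/main/java/com/tinyengine/it/common/utils/Utils.java
@@ -74,6 +74,9 @@ public class Utils {
 */
 // 泛型去重方法
 public static <T> List<T> removeDuplicates(List<T> list) {
+if(list == null) {
+return new ArrayList<>();
+}
 // 使用 Set 去重
 Set<T> set = new LinkedHashSet<>(list);
 // 返回去重后的 List
@@ -191,7 +194,7 @@ public static List<FileInfo> unzip(MultipartFile multipartFile) throws IOExcepti
 * @return File the File
 * @throws IOException IOException
 */
-private static File createTempDirectory() throws IOException {
+static File createTempDirectory() throws IOException {
 return Files.createTempDirectory("unzip").toFile();
 }
 
@@ -202,7 +205,7 @@ private static File createTempDirectory() throws IOException {
 * @return File the File
 * @throws IOException IOException
 */
-private static File convertMultipartFileToFile(MultipartFile multipartFile) throws IOException {
+static File convertMultipartFileToFile(MultipartFile multipartFile) throws IOException {
 File tempFile = File.createTempFile("temp", null);
 tempFile.deleteOnExit();
 try (FileOutputStream fos = new FileOutputStream(tempFile)) {
@@ -219,7 +222,7 @@ private static File convertMultipartFileToFile(MultipartFile multipartFile) thro
 * @return List<FileInfo> the List<FileInfo>
 * @throws IOException IOException
 */
-private static List<FileInfo> processZipEntries(ZipInputStream zis, File tempDir) throws IOException {
+static List<FileInfo> processZipEntries(ZipInputStream zis, File tempDir) throws IOException {
 List<FileInfo> fileInfoList = new ArrayList<>();
 ZipEntry zipEntry;
 // 将 tempDir 转为规范路径(例如解析符号链接、父目录等)
@@ -294,7 +297,7 @@ public static String readFileContent(File file) {
 }
 
 // 清理临时文件和目录
-private static void cleanUp(File zipFile, File tempDir) {
+static void cleanUp(File zipFile, File tempDir) {
 // 删除临时的 zip 文件
 if (zipFile.exists()) {
 if (!zipFile.delete()) {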
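Review bot: In `convertMultipartFileToFile` (the hunk at new line 208) the uploaded archive is still staged with `File.createTempFile("temp", null)`, which on POSIX systems typically creates the file with umask-derived permissions, so other local accounts may be able to read the upload; `File tempFile = Files.createTempFile("temp", null).toFile();` gives an owner-only file and matches the `Files.createTempDirectory` call already used in `createTempDirectory`. The four helpers also drop `private` without any comment; if this is only for the new unit tests, say so in each Javadoc, e.g. `Package-private for unit tests only.` For `processZipEntries` the Javadoc should additionally state that `tempDir` must be a directory the caller has just created, since the path check (not visible in this hunk) resolves entries against it. The bodies of these methods continue outside the hunks shown.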
