This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-spring-boot.git


The following commit(s) were added to refs/heads/main by this push:
     new ec7d84f2ff1 Add a check for path traversal for SAST tests (#990)
ec7d84f2ff1 is described below

commit ec7d84f2ff1273140cbe7926cdfe34fd9fa33a5e
Author: Tom Cunningham <[email protected]>
AuthorDate: Fri Oct 27 07:55:44 2023 -0400

    Add a check for path traversal for SAST tests (#990)
---
 .../dataformat/zipfile/springboot/ZipFileDataFormatTest.java | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git 
a/components-starter/camel-zipfile-starter/src/test/java/org/apache/camel/dataformat/zipfile/springboot/ZipFileDataFormatTest.java
 
b/components-starter/camel-zipfile-starter/src/test/java/org/apache/camel/dataformat/zipfile/springboot/ZipFileDataFormatTest.java
index 1e5ddaa0902..63236668b79 100644
--- 
a/components-starter/camel-zipfile-starter/src/test/java/org/apache/camel/dataformat/zipfile/springboot/ZipFileDataFormatTest.java
+++ 
b/components-starter/camel-zipfile-starter/src/test/java/org/apache/camel/dataformat/zipfile/springboot/ZipFileDataFormatTest.java
@@ -368,7 +368,17 @@ public class ZipFileDataFormatTest {
                                 public void process(Exchange exchange) throws 
Exception {
                                     ZipFile zfile = new ZipFile(new 
File("src/test/resources/hello.odt"));
                                     ZipEntry entry = new ZipEntry((String) 
exchange.getIn().getHeader(Exchange.FILE_NAME));
-                                    File file = new File("hello_out", 
entry.getName());
+                                    String outputDirectory = "hello_out";
+                                    File file = new File(outputDirectory, 
entry.getName());
+
+                                    // Check for Path Traversal
+                                    File destDirectory = new 
File(outputDirectory);
+                                    String destCanonicalPath = 
destDirectory.getCanonicalPath();
+                                    String outputCanonicalPath = 
file.getCanonicalPath();
+                                    if 
(!outputCanonicalPath.startsWith(destCanonicalPath)) {
+                                        throw new Exception("Zip path 
traversal found, expected " + destCanonicalPath + " but found " + 
outputCanonicalPath);
+                                    }
+
                                     if (entry.isDirectory()) {
                                         file.mkdirs();
                                     } else {
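Review bot: The prefix test `!outputCanonicalPath.startsWith(destCanonicalPath)` accepts any canonical path that merely begins with the destination string, so an entry that canonicalizes to a sibling directory sharing the prefix (for example `hello_out_other/...` next to `hello_out`) passes the check. The comparison should anchor on the directory boundary, e.g. `if (!outputCanonicalPath.equals(destCanonicalPath) && !outputCanonicalPath.startsWith(destCanonicalPath + File.separator)) {`, or equivalently resolve both as `Path` objects and use `normalize().startsWith(destPath)`. A secondary style point is that the rejection throws a bare `Exception`; `IOException` or `IllegalArgumentException` would make the intent clearer even in test code. The `process` method whose body this is continues outside the hunk, so whether `zfile` is closed cannot be confirmed here.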
