[linkis] branch dev-1.3.2 updated: fix zip utils bug (#4279)

Wed, 01 Mar 2023 18:34:02 -0800 

This is an automated email from the ASF dual-hosted git repository.

peacewong pushed a commit to branch dev-1.3.2
in repository https://gitbox.apache.org/repos/asf/linkis.git


The following commit(s) were added to refs/heads/dev-1.3.2 by this push:
     new 9a6b01037 fix zip utils bug (#4279)
9a6b01037 is described below

commit 9a6b010378b2c95975dd5e232f5fb95e0df7f094
Author: 4ra1n <[email protected]>
AuthorDate: Thu Mar 2 10:33:49 2023 +0800

    fix zip utils bug (#4279)
---
 .../org/apache/linkis/common/utils/ZipUtils.scala      | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git 
a/linkis-commons/linkis-common/src/main/scala/org/apache/linkis/common/utils/ZipUtils.scala
 
b/linkis-commons/linkis-common/src/main/scala/org/apache/linkis/common/utils/ZipUtils.scala
index 8396f2201..206ed1be8 100644
--- 
a/linkis-commons/linkis-common/src/main/scala/org/apache/linkis/common/utils/ZipUtils.scala
+++ 
b/linkis-commons/linkis-common/src/main/scala/org/apache/linkis/common/utils/ZipUtils.scala
@@ -224,7 +224,11 @@ object ZipUtils {
       }
       var entry = zipIn.getNextEntry
       while (entry != null) {
-        val filePath = destDir.getPath + File.separator + entry.getName
+        var entryName = entry.getName
+        if (entryName.contains(".." + File.separator)) {
+          throw new IOException("Zip entry contains illegal characters: " + 
entryName)
+        }
+        val filePath = destDir.getPath + File.separator + entryName
         if (!entry.isDirectory) {
           extractPath(zipIn, filePath)
         } else {
@@ -269,7 +273,11 @@ object ZipUtils {
       }
       var entry = zipIn.getNextEntry
       while (entry != null) {
-        val filePath = destDir.getPath + File.separator + entry.getName
+        var entryName = entry.getName
+        if (entryName.contains(".." + File.separator)) {
+          throw new IOException("Zip entry contains illegal characters: " + 
entryName)
+        }
+        val filePath = destDir.getPath + File.separator + entryName
         if (!entry.isDirectory) {
           extractFsPath(zipIn, filePath)
         } else {
@@ -317,7 +325,11 @@ object ZipUtils {
       }
       var entry = zipIn.getNextEntry
       while (entry != null) {
-        val filePath = destDir.getPath + File.separator + entry.getName
+        var entryName = entry.getName
+        if (entryName.contains(".." + File.separator)) {
+          throw new IOException("Zip entry contains illegal characters: " + 
entryName)
+        }
+        val filePath = destDir.getPath + File.separator + entryName
         if (!entry.isDirectory) {
           extractFile(zipIn, filePath)
         } else {


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to