Author: fanningpj
Date: Thu Feb 10 00:51:17 2022
New Revision: 1897925
URL: http://svn.apache.org/viewvc?rev=1897925&view=rev
Log:
sonar issue
Modified:
xmlbeans/trunk/src/main/java/org/apache/xmlbeans/impl/common/JarHelper.java
Modified:
xmlbeans/trunk/src/main/java/org/apache/xmlbeans/impl/common/JarHelper.java
URL:
http://svn.apache.org/viewvc/xmlbeans/trunk/src/main/java/org/apache/xmlbeans/impl/common/JarHelper.java?rev=1897925&r1=1897924&r2=1897925&view=diff
==============================================================================
--- xmlbeans/trunk/src/main/java/org/apache/xmlbeans/impl/common/JarHelper.java
(original)
+++ xmlbeans/trunk/src/main/java/org/apache/xmlbeans/impl/common/JarHelper.java
Thu Feb 10 00:51:17 2022
@@ -87,6 +87,10 @@ public class JarHelper {
while ((entry = jis.getNextJarEntry()) != null) {
if (entry.isDirectory()) {
File dir = new File(destDir, entry.getName());
+ String canonicalDestinationPath = dir.getCanonicalPath();
+ if
(!canonicalDestinationPath.startsWith(destDir.getCanonicalPath())) {
+ throw new IOException("Entry is outside of the target
directory " + entry.getName());
+ }
dir.mkdir();
if (entry.getTime() != -1) {
dir.setLastModified(entry.getTime());
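Review bot: The containment test `canonicalDestinationPath.startsWith(destDir.getCanonicalPath())` compares strings, not path elements, so an entry resolving to a sibling directory whose name only begins with the target's name still passes (constructed example: target `/tmp/out`, resolved path `/tmp/out-old/x`). Comparing by path element closes that gap, for example `if (!dir.getCanonicalFile().toPath().startsWith(destDir.getCanonicalFile().toPath())) {`. The `destFile` check in the second hunk needs the same change. `destDir.getCanonicalPath()` is also recomputed for every entry and could be resolved once before the `while` loop, which starts outside this hunk. The two exception messages differ (`"directory "` here, `"directory: "` in the second hunk), so a small private helper holding the check would keep both the logic and the wording in one place.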
@@ -96,6 +100,10 @@ public class JarHelper {
int count;
byte[] data = new byte[BUFFER_SIZE];
File destFile = new File(destDir, entry.getName());
+ String canonicalDestinationPath = destFile.getCanonicalPath();
+ if
(!canonicalDestinationPath.startsWith(destDir.getCanonicalPath())) {
+ throw new IOException("Entry is outside of the target
directory: " + entry.getName());
+ }
if (mVerbose) {
System.out.println("unjarring " + destFile +
" from " + entry.getName());