[
https://issues.apache.org/jira/browse/TIKA-3942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tim Allison updated TIKA-3942:
------------------------------
Description:
We currently rely on data in the container file or in the contained file for
the internal path of an embedded file, e.g.
/zip1.zip/zip2.zip/zip3.zip/something.txt
As a general rule, we should not trust user input, er, files. I don't see any
areas for malicious effects, but I can imagine a combination of events that could
lead to path collisions.
was:
We currently rely on data in the container file or in the contained file for
the internal path of an embedded file, e.g.
/zip1.zip/zip2.zip/zip3.zip/something.txt
As a general rule, we should not trust user input, er, files. I don't see any
areas for malicious effects, but I can imagine a combination of events that could
lead to name collisions.
> Improve naming for embedded file structure paths
> ------------------------------------------------
>
> Key: TIKA-3942
> URL: https://issues.apache.org/jira/browse/TIKA-3942
> Project: Tika
> Issue Type: Task
> Reporter: Tim Allison
> Priority: Minor
>
> We currently rely on data in the container file or in the contained file for
> the internal path of an embedded file, e.g.
> /zip1.zip/zip2.zip/zip3.zip/something.txt
>
> As a general rule, we should not trust user input, er, files. I don't see any
> areas for malicious effects, but I can imagine a combination of events that
> could lead to path collisions.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
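
One way the path collision described in the issue can arise, and one way to avoid it, shown as an added example that is not Tika's code or the change made for TIKA-3942. The class, method names, sanitization rule and sample entry names are all constructed for illustration.

```java
import java.util.HashSet;
import java.util.Set;

public class EmbeddedPathDemo {

    // Naive approach: trust the name recorded in the container as-is.
    static String naivePath(String parentPath, String untrustedName) {
        return parentPath + "/" + untrustedName;
    }

    // Reduce an untrusted entry name to a single path segment:
    // separators and control characters can no longer add or fake a level.
    static String sanitizeSegment(String untrustedName) {
        String s = untrustedName == null ? "" : untrustedName;
        s = s.replaceAll("[/\\\\\\p{Cntrl}]", "_");
        if (s.isEmpty() || s.equals(".") || s.equals("..")) {
            s = "embedded"; // hypothetical placeholder for unusable names
        }
        return s;
    }

    // Build a path that is unique within one parse; 'used' tracks paths already issued.
    static String safePath(String parentPath, String untrustedName, Set<String> used) {
        String base = parentPath + "/" + sanitizeSegment(untrustedName);
        String candidate = base;
        for (int i = 1; !used.add(candidate); i++) {
            candidate = base + "-" + i; // same-named sibling: add a counter
        }
        return candidate;
    }

    public static void main(String[] args) {
        String zip1 = "/zip1.zip";
        // Constructed case 1: something.txt inside the nested archive zip2.zip.
        String nested = naivePath(naivePath(zip1, "zip2.zip"), "something.txt");
        // Constructed case 2: a direct entry of zip1.zip whose stored name contains a slash.
        String direct = naivePath(zip1, "zip2.zip/something.txt");
        System.out.println("naive paths collide: " + nested.equals(direct));

        Set<String> used = new HashSet<>();
        String zip2 = safePath(zip1, "zip2.zip", used);
        System.out.println(safePath(zip2, "something.txt", used));
        System.out.println(safePath(zip1, "zip2.zip/something.txt", used));
        // A second entry with the same stored name in zip2.zip still gets its own path.
        System.out.println(safePath(zip2, "something.txt", used));
    }
}
```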