From 1fe648b26365c4058e25aeb2f6ab5072c539722a Mon Sep 17 00:00:00 2001 From: Mathieu Maes Date: Fri, 29 Jan 2021 07:30:03 +0100 Subject: [PATCH] Handle zip traversal vulnerability --- src/android/Zip.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/android/Zip.java b/src/android/Zip.java index 4b5de862..7afe3103 100644 --- a/src/android/Zip.java +++ b/src/android/Zip.java @@ -126,6 +126,13 @@ private void unzipSync(CordovaArgs args, CallbackContext callbackContext) { dir.mkdirs(); } else { File file = new File(outputDirectory + compressedName); + String canonicalPath = file.getCanonicalPath(); + if (!canonicalPath.startsWith(outputDirectory)) { + String errorMessage = "Zip traversal security error"; + callbackContext.error(errorMessage); + Log.e(LOG_TAG, errorMessage); + return; + } file.getParentFile().mkdirs(); if(file.exists() || file.createNewFile()){ Log.w("Zip", "extracting: " + file.getPath());