From 68725df6df0bb79a02ffec6db54f35ff319ded37 Mon Sep 17 00:00:00 2001
From: Laura Lujan <laura.lujan@sunpowercorp.com>
Date: Thu, 10 Feb 2022 13:37:26 -0600
Subject: [PATCH] Fix zip traversal vulnerability

Following this proposal solution https://github.com/MobileChromeApps/cordova-plugin-zip/pull/92#issuecomment-984483852
---
 src/android/Zip.java | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/android/Zip.java b/src/android/Zip.java
index 4b5de862..9406dbb6 100644
--- a/src/android/Zip.java
+++ b/src/android/Zip.java
@@ -126,6 +126,14 @@ private void unzipSync(CordovaArgs args, CallbackContext callbackContext) {
                    dir.mkdirs();
                 } else {
                     File file = new File(outputDirectory + compressedName);
+                    String canonicalDestinationPath = (new File(outputDirectory)).getCanonicalPath();
+                    String canonicalPath = file.getCanonicalPath();
+                     if (!canonicalPath.startsWith(canonicalDestinationPath)) {
+                        String errorMessage = "Zip traversal security error";
+                        callbackContext.error(errorMessage);
+                        Log.e(LOG_TAG, errorMessage);
+                        return;
+                    }
                     file.getParentFile().mkdirs();
                     if(file.exists() || file.createNewFile()){
                         Log.w("Zip", "extracting: " + file.getPath());