Fix zip path traversal vulnerability
inspired by:
* MobileChromeApps#92
akrcc committed Mar 4, 2024
1 parent 977b57d commit 3b41304
Showing 1 changed file with 12 additions and 3 deletions.
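--- a/src/android/Zip.java
+++ b/src/android/Zip.java
@@ -121,11 +121,20 @@ private void unzipSync(CordovaArgs args, CallbackContext callbackContext) {
 anyEntries = true;
 String compressedName = ze.getName();
 
+File file = new File(outputDirectory + compressedName);
+
+String canonicalPath = file.getCanonicalPath();
+String canonicalOutputPath = (new File(outputDirectory)).getCanonicalPath();
+if (!canonicalPath.startsWith(canonicalOutputPath)) {
+String errorMessage = "Zip traversal security error";
+callbackContext.error(errorMessage);
+Log.e(LOG_TAG, errorMessage);
+return;
+}
+
 if (ze.isDirectory()) {
-File dir = new File(outputDirectory + compressedName);
-dir.mkdirs();
+file.mkdirs();
 } else {
-File file = new File(outputDirectory + compressedName);
 file.getParentFile().mkdirs();
 if(file.exists() || file.createNewFile()){
 Log.w("Zip", "extracting: " + file.getPath());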
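Review bot: The containment test `canonicalPath.startsWith(canonicalOutputPath)` compares raw strings, and `getCanonicalPath()` returns the output directory without a trailing separator, so an entry that resolves into a sibling directory whose name merely begins with the output directory's name (constructed example: output `/data/out`, resolved entry `/data/out-other/x`) still passes the check. Comparing against the directory plus a separator closes that gap: `if (!canonicalPath.equals(canonicalOutputPath) && !canonicalPath.startsWith(canonicalOutputPath + File.separator)) {`. `canonicalOutputPath` is also recomputed for every entry and could be resolved once before the entry loop, which presumably starts outside this hunk. The early `return` leaves any entries extracted before the rejected one on disk; if that is intended, a short comment saying so would help, otherwise a cleanup step is worth considering.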
