Skip to content

Commit

Permalink
Fixing potential Zip Slip Vulnerability, see https://snyk.io/research…
Browse files Browse the repository at this point in the history
  • Loading branch information
barancev committed Jul 6, 2018
1 parent 205ac91 commit 5457171
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions java/client/src/org/openqa/selenium/io/Zip.java
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,12 @@ public static void unzip(InputStream source, File outputDir) throws IOException
}

public static void unzipFile(File output, InputStream zipStream, String name) throws IOException {
String canonicalDestinationDirPath = output.getCanonicalPath();
File toWrite = new File(output, name);
String canonicalDestinationFile = toWrite.getCanonicalPath();
if (!canonicalDestinationFile.startsWith(canonicalDestinationDirPath + File.separator)) {
throw new IOException("Entry is outside of the target dir: " + name);
}

if (!FileHandler.createDir(toWrite.getParentFile()))
throw new IOException("Cannot create parent directory for: " + name);
Expand Down

0 comments on commit 5457171

Please sign in to comment.