fix: experimental fix to prevent path traversal with copied folders

2024-12-04 18:12:54 +01:00 · 2019-05-07 18:05:51 -04:00 · 2019-05-07 18:05:51 -04:00 · 47854ec757
commit 47854ec757
parent 5aa3cf9728
1 changed files with 2 additions and 1 deletions
--- a/brut.j.dir/src/main/java/brut/directory/DirUtil.java
+++ b/brut.j.dir/src/main/java/brut/directory/DirUtil.java
@ -81,7 +81,8 @@ public class DirUtil {
                if (fileName.equals("res") && !in.containsFile(fileName)) {
                    return;
                }
-                File outFile = new File(out, fileName);
+                String cleanedFilename = BrutIO.sanitizeUnknownFile(out, fileName);
+                File outFile = new File(out, cleanedFilename);
                outFile.getParentFile().mkdirs();
                BrutIO.copyAndClose(in.getFileInput(fileName),
                    new FileOutputStream(outFile));