ReVanced-Mirror
/
Apktool
mirror of https://github.com/revanced/Apktool.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: cut down length of zipslip exceptions

This commit is contained in:
Connor Tumbleson 2020-12-10 07:57:00 -05:00 committed by Connor Tumbleson
parent b17832f0e1
commit 49a167540f
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
brut.j.util/src/main/java/brut/util/BrutIO.java
View File

@ -79,18 +79,18 @@ public class BrutIO {
public static String sanitizeUnknownFile(final File directory, final String entry) throws IOException, BrutException {
if (entry.length() == 0) {
throw new InvalidUnknownFileException("Invalid Unknown File - " + entry);
throw new InvalidUnknownFileException("Invalid Unknown File");
}
if (new File(entry).isAbsolute()) {
throw new RootUnknownFileException("Absolute Unknown Files is not allowed - " + entry);
throw new RootUnknownFileException("Absolute Unknown Files is not allowed");
}
final String canonicalDirPath = directory.getCanonicalPath() + File.separator;
final String canonicalEntryPath = new File(directory, entry).getCanonicalPath();
if (!canonicalEntryPath.startsWith(canonicalDirPath)) {
throw new TraversalUnknownFileException("Directory Traversal is not allowed - " + entry);
throw new TraversalUnknownFileException("Directory Traversal is not allowed");
}
// https://stackoverflow.com/q/2375903/455008