From 4aa933b31af9afe5460b8b6cd51cb1416d231273 Mon Sep 17 00:00:00 2001
From: Connor Tumbleson <connor@sourcetoad.com>
Date: Tue, 7 May 2019 18:06:07 -0400
Subject: [PATCH] test: ensure we don't allow path traversal with win

---
 .../androlib/util/UnknownDirectoryTraversalTest.java | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/brut.apktool/apktool-lib/src/test/java/brut/androlib/util/UnknownDirectoryTraversalTest.java b/brut.apktool/apktool-lib/src/test/java/brut/androlib/util/UnknownDirectoryTraversalTest.java
index 1541353f..60d5c9e7 100644
--- a/brut.apktool/apktool-lib/src/test/java/brut/androlib/util/UnknownDirectoryTraversalTest.java
+++ b/brut.apktool/apktool-lib/src/test/java/brut/androlib/util/UnknownDirectoryTraversalTest.java
@@ -71,6 +71,18 @@ public class UnknownDirectoryTraversalTest extends BaseTest {
         BrutIO.sanitizeUnknownFile(sTmpDir, "");
     }
 
+    @Test(expected = TraversalUnknownFileException.class)
+    public void invalidBackwardPathOnWindows() throws IOException, BrutException {
+        String invalidPath;
+        if (! OSDetection.isWindows()) {
+            invalidPath = "../../app";
+        } else {
+            invalidPath = "..\\..\\app.exe";
+        }
+
+        BrutIO.sanitizeUnknownFile(sTmpDir, invalidPath);
+    }
+
     @Test
     public void validDirectoryFileTest() throws IOException, BrutException {
         String validFilename = BrutIO.sanitizeUnknownFile(sTmpDir, "dir" + File.separator + "file");