From 47854ec757b763b7419a92e27ab1459512578582 Mon Sep 17 00:00:00 2001
From: Connor Tumbleson
Date: Tue, 7 May 2019 18:05:51 -0400
Subject: [PATCH 1/2] fix: experimental fix to prevent path traversal with copied folders
---
 brut.j.dir/src/main/java/brut/directory/DirUtil.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/brut.j.dir/src/main/java/brut/directory/DirUtil.java b/brut.j.dir/src/main/java/brut/directory/DirUtil.java
index bf4758d7..f06cb2c5 100644
--- a/brut.j.dir/src/main/java/brut/directory/DirUtil.java
+++ b/brut.j.dir/src/main/java/brut/directory/DirUtil.java
@@ -81,7 +81,8 @@ public class DirUtil {
 if (fileName.equals("res") && !in.containsFile(fileName)) {
 return;
 }
- File outFile = new File(out, fileName);
+ String cleanedFilename = BrutIO.sanitizeUnknownFile(out, fileName);
+ File outFile = new File(out, cleanedFilename);
 outFile.getParentFile().mkdirs();
 BrutIO.copyAndClose(in.getFileInput(fileName), new FileOutputStream(outFile));
From 4aa933b31af9afe5460b8b6cd51cb1416d231273 Mon Sep 17 00:00:00 2001
From: Connor Tumbleson
Date: Tue, 7 May 2019 18:06:07 -0400
Subject: [PATCH 2/2] test: ensure we don't allow path traversal with win
---
 .../androlib/util/UnknownDirectoryTraversalTest.java | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/brut.apktool/apktool-lib/src/test/java/brut/androlib/util/UnknownDirectoryTraversalTest.java b/brut.apktool/apktool-lib/src/test/java/brut/androlib/util/UnknownDirectoryTraversalTest.java
index 1541353f..60d5c9e7 100644
--- a/brut.apktool/apktool-lib/src/test/java/brut/androlib/util/UnknownDirectoryTraversalTest.java
+++ b/brut.apktool/apktool-lib/src/test/java/brut/androlib/util/UnknownDirectoryTraversalTest.java
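Review bot: The destination is protected only by what `sanitizeUnknownFile` does to the string, while `new File(out, cleanedFilename)` on the next line is what actually decides where the bytes are written; a second, path-based containment check on `outFile` before the `mkdirs()` call (compare `outFile.getCanonicalPath()` against the canonical path of `out` plus `File.separator` — the hunk does not show whether `out` is a `File` or a `String` — and reject with the same `TraversalUnknownFileException` the sanitizer raises in the test file) would keep the copy inside `out` even if the sanitizer's string rules miss a case such as a symlinked ancestor. It is also worth a comment on the `copyAndClose` line that the source lookup deliberately keeps the raw `fileName`, e.g. `// source entry is looked up by its original name; only the destination path is sanitized`, so a later edit does not "fix" it by passing `cleanedFilename` there too. The enclosing method starts and ends outside the hunk, so whether it declares or handles the sanitizer's traversal exception cannot be confirmed here.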
@@ -71,6 +71,18 @@ public class UnknownDirectoryTraversalTest extends BaseTest {
 BrutIO.sanitizeUnknownFile(sTmpDir, "");
 }
 
+ @Test(expected = TraversalUnknownFileException.class)
+ public void invalidBackwardPathOnWindows() throws IOException, BrutException {
+ String invalidPath;
+ if (! OSDetection.isWindows()) {
+ invalidPath = "../../app";
+ } else {
+ invalidPath = "..\\..\\app.exe";
+ }
+
+ BrutIO.sanitizeUnknownFile(sTmpDir, invalidPath);
+ }
+
 @Test
 public void validDirectoryFileTest() throws IOException, BrutException {
 String validFilename = BrutIO.sanitizeUnknownFile(sTmpDir, "dir" + File.separator + "file");
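Review bot: On any non-Windows host the new `invalidBackwardPathOnWindows` test submits `../../app`, so the backslash case named in the test and in the commit subject is only exercised when the suite happens to run on Windows; whether `sanitizeUnknownFile` is meant to reject `..\\..\\app.exe` on other hosts as well is not visible here, so either drop the `OSDetection` branch if it is, or add a comment such as `// '\' is only a path separator on Windows; other hosts re-check the '/' form` so the reduced coverage is clearly deliberate. As a matter of style, the negated `if (! OSDetection.isWindows())` with an `else` collapses to one conditional, `String invalidPath = OSDetection.isWindows() ? "..\\..\\app.exe" : "../../app";`, which also removes the uninitialized declaration and the unconventional space after `!`.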