
Commit bca02ac

committed
Fix Fortify security scanning
* Arbitrary file access during archive extraction ("Zip Slip") Issue: 207277
1 parent 965d79e commit bca02ac


1 file changed

+17
-1
lines changed


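--- a/gxcompress/src/main/java/com/genexus/compression/GXCompressor.java
+++ b/gxcompress/src/main/java/com/genexus/compression/GXCompressor.java
@@ -590,6 +590,9 @@ private static void decompressZip(File archive, String directory) throws IOExcep
 ZipEntry zipEntry;
 while ((zipEntry = zis.getNextEntry()) != null) {
 File newFile = new File(directory, zipEntry.getName());
+if (HasZipSlipVulnerability(newFile, directory)) {
+throw new IOException("Bad tar entry: " + zipEntry.getName());
+}
 if (zipEntry.isDirectory()) {
 if (!newFile.isDirectory() && !newFile.mkdirs()) {
 throw new IOException("Failed to create directory " + newFile);
@@ -616,6 +619,9 @@ private static void decompress7z(File archive, String directory) throws IOExcept
 SevenZArchiveEntry entry;
 while ((entry = sevenZFile.getNextEntry()) != null) {
 File newFile = new File(directory, entry.getName());
+if (HasZipSlipVulnerability(newFile, directory)) {
+throw new IOException("Bad tar entry: " + entry.getName());
+}
 if (entry.isDirectory()) {
 if (!newFile.isDirectory() && !newFile.mkdirs()) {
 throw new IOException("Failed to create directory " + newFile);
@@ -656,7 +662,9 @@ private static void decompressTar(File archive, String directory) throws IOExcep
 return;
 }else {
 File newFile = new File(directory, entry.getName());
-
+if (HasZipSlipVulnerability(newFile, directory)) {
+throw new IOException("Bad tar entry: " + entry.getName());
+}
 if (entry.isDirectory()) {
 if (!newFile.isDirectory() && !newFile.mkdirs()) {
 throw new IOException("Failed to create directory " + newFile);
@@ -805,4 +813,12 @@ private static void decompressJar(File archive, String directory) throws IOExcep
 }
 }
 }
+
+// Check for Zip Slip vulnerability: ensure extracted file remains within target directory
+// Use Path.normalize() and Path.startsWith()
+private static boolean HasZipSlipVulnerability(File file, String directory) {
+java.nio.file.Path destDirPath = new File(directory).toPath().toAbsolutePath().normalize();
+java.nio.file.Path newFilePath = file.toPath().toAbsolutePath().normalize();
+return !newFilePath.startsWith(destDirPath);
+}
 }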
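Review bot: The exceptions thrown in the decompressZip and decompress7z hunks say `"Bad tar entry: "` although those entries come from a zip and a 7z archive; `throw new IOException("Bad zip entry: " + zipEntry.getName());` in decompressZip and `"Bad 7z entry: "` in decompress7z would keep the rejection message accurate for whoever reads the log. The containment check itself is sound: Path.startsWith compares whole name components, so a sibling directory that merely shares the destination as a string prefix is still rejected, and normalize() collapses `..` segments before the comparison. One caveat worth a comment on HasZipSlipVulnerability: normalize() does not resolve symbolic links, so if any of these extractors materializes symlink entries from the archive (not visible in the hunks), a later entry whose name passes through such a link would still satisfy the check — resolving the destination with `toRealPath()` or refusing link entries closes that gap. Style: `HasZipSlipVulnerability` should be lowerCamelCase per Java convention, and `destDirPath` is recomputed for every entry in each loop although it depends only on `directory`. The enclosing decompress methods start and end outside the hunks.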
