saulteafarmer/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Stirling-Tools/Stirling-PDF.git synced 2025-06-21 23:15:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Potential fix for code scanning alert no. 47: Arbitrary file access during archive extraction ("Zip Slip")

Browse Source 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
Anthony Stirling 2025-05-08 17:00:06 +01:00 committed by GitHub
parent 512e9d7236
commit 526026fbc9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/main/java/stirling/software/SPDF/utils/FileToPdf.java
View File

@ -156,7 +156,10 @@ public class FileToPdf {
ZipSecurity.createHardenedInputStream(new ByteArrayInputStream(fileBytes))) { ZipSecurity.createHardenedInputStream(new ByteArrayInputStream(fileBytes))) {
ZipEntry entry = zipIn.getNextEntry(); ZipEntry entry = zipIn.getNextEntry();
while (entry != null) { while (entry != null) {
Path filePath = tempDirectory.resolve(sanitizeZipFilename(entry.getName())); Path filePath = tempDirectory.resolve(entry.getName()).normalize();
if (!filePath.startsWith(tempDirectory)) {
throw new IOException("Entry is outside of the target directory: " + entry.getName());
}
if (entry.isDirectory()) { if (entry.isDirectory()) {
Files.createDirectories(filePath); // Explicitly create the directory structure Files.createDirectories(filePath); // Explicitly create the directory structure
} else { } else {
@ -188,20 +191,5 @@ public class FileToPdf {
} }
} }
static String sanitizeZipFilename(String entryName) { // Removed sanitizeZipFilename method as it is no longer needed.
if (entryName == null || entryName.trim().isEmpty()) {
return "";
}
// Remove any drive letters (e.g., "C:\") and leading forward/backslashes
entryName = entryName.replaceAll("^[a-zA-Z]:[\\\\/]+", "");
entryName = entryName.replaceAll("^[\\\\/]+", "");
// Recursively remove path traversal sequences
while (entryName.contains("../") || entryName.contains("..\\")) {
entryName = entryName.replace("../", "").replace("..\\", "");
}
// Normalize all backslashes to forward slashes
entryName = entryName.replaceAll("\\\\", "/");
return entryName;
}
} }