From bf5eeb23a769a2e2b75f432b74f10fdbcfd2f161 Mon Sep 17 00:00:00 2001 From: "andre.schmid" Date: Fri, 27 Sep 2019 13:27:11 +0100 Subject: Fix zip slip security flaw Apply zip slip checking in zip operations throughout the system. Centralizes most of the zip logic in one class. Create tests to zip functionalities and zip slip problem. Change-Id: I721f3d44b34fe6d242c9537f5a515ce1bb534c9a Issue-ID: SDC-1401 Signed-off-by: andre.schmid --- .../src/test/resources/zip-slip/zip-slip-linux.zip | Bin 0 -> 545 bytes .../src/test/resources/zip-slip/zip-slip-windows.zip | Bin 0 -> 547 bytes common-app-api/src/test/resources/zip/extract-test.zip | Bin 0 -> 2588 bytes 3 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 common-app-api/src/test/resources/zip-slip/zip-slip-linux.zip create mode 100644 common-app-api/src/test/resources/zip-slip/zip-slip-windows.zip create mode 100644 common-app-api/src/test/resources/zip/extract-test.zip (limited to 'common-app-api/src/test/resources') diff --git a/common-app-api/src/test/resources/zip-slip/zip-slip-linux.zip b/common-app-api/src/test/resources/zip-slip/zip-slip-linux.zip new file mode 100644 index 0000000000..38b3f499de Binary files /dev/null and b/common-app-api/src/test/resources/zip-slip/zip-slip-linux.zip differ diff --git a/common-app-api/src/test/resources/zip-slip/zip-slip-windows.zip b/common-app-api/src/test/resources/zip-slip/zip-slip-windows.zip new file mode 100644 index 0000000000..3474c88bec Binary files /dev/null and b/common-app-api/src/test/resources/zip-slip/zip-slip-windows.zip differ diff --git a/common-app-api/src/test/resources/zip/extract-test.zip b/common-app-api/src/test/resources/zip/extract-test.zip new file mode 100644 index 0000000000..880452fdc7 Binary files /dev/null and b/common-app-api/src/test/resources/zip/extract-test.zip differ -- cgit 1.2.3-korg