From f58e9a8c197ab342f6495e8becaf55876e479a01 Mon Sep 17 00:00:00 2001
From: Piotr Krysiak <piotr.krysiak@nokia.com>
Date: Wed, 18 Jul 2018 14:35:48 +0200
Subject: Fix zip-slip in openecomp-be

Issue-ID: SDC-1401

Change-Id: I92cf8184ab50cb1d3b1ba2f71eab8f5701e1ee57
Signed-off-by: Piotr Krysiak <piotr.krysiak@nokia.com>
---
 .../main/java/org/openecomp/sdc/translator/utils/ResourceWalker.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'openecomp-be/lib/openecomp-sdc-translator-lib/openecomp-sdc-translator-core')

diff --git a/openecomp-be/lib/openecomp-sdc-translator-lib/openecomp-sdc-translator-core/src/main/java/org/openecomp/sdc/translator/utils/ResourceWalker.java b/openecomp-be/lib/openecomp-sdc-translator-lib/openecomp-sdc-translator-core/src/main/java/org/openecomp/sdc/translator/utils/ResourceWalker.java
index e5993677cd..93a2290938 100644
--- a/openecomp-be/lib/openecomp-sdc-translator-lib/openecomp-sdc-translator-core/src/main/java/org/openecomp/sdc/translator/utils/ResourceWalker.java
+++ b/openecomp-be/lib/openecomp-sdc-translator-lib/openecomp-sdc-translator-core/src/main/java/org/openecomp/sdc/translator/utils/ResourceWalker.java
@@ -123,7 +123,7 @@ public class ResourceWalker {
       return zipEntry -> {
         String name = zipEntry.getName();
         return (name.equals(resource) || name.startsWith(resource + "/"))
-            && !zipEntry.isDirectory();
+            && !zipEntry.isDirectory() && !name.contains("../");
       };
     }
   }
-- 
cgit 1.2.3-korg