summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorprakash.e@huawei.com <prakash.e@huawei.com>2022-03-24 07:08:51 +0530
committerprakash.e@huawei.com <prakash.e@huawei.com>2022-03-25 23:12:15 +0530
commit7cb419943bf707205712bb195cf02e73d9dcd6fe (patch)
tree15c3951dbe67dd4ebcc5643f13e341b6bbca1348
parentbd60978a515bc14242fa28d859d096bac2db59be (diff)
vnfsdk validation sonar cloud blocker issue fix
https://sonarcloud.io/project/issues?resolved=false&severities=BLOCKER&id=onap_vnfsdk-validation&open=AXem3AYTgLw0BJ6Agbf8 Issue-ID: VNFSDK-832 Signed-off-by: prakash.e@huawei.com <prakash.e@huawei.com> Change-Id: I217bf91e336f1c96090f4dfd5aa4b4267a43dd24
Diffstat
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java9
1 files changed, 6 insertions, 3 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java b/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
index e2aa06b..fd21b62 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
@@ -31,7 +31,7 @@ import java.util.Optional;
import java.util.stream.Stream;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
-
+import static org.onap.cvc.csar.CSARArchive.TEMP_DIR;
public class FileArchive {
@@ -116,8 +116,11 @@ public class FileArchive {
ZipEntry entry;
while ((entry = zipInputStream.getNextEntry()) != null) {
-
- File filePath = new File(destination + File.separator + entry.getName());
+ String pathname = destination + File.separator + entry.getName();
+ if (!pathname.startsWith(TEMP_DIR)) {
+ throw new IOException("Entry is outside of the target directory");
+ }
+ File filePath = new File(pathname);
if(entry.isDirectory()){
filePath.mkdirs();