authorprakash.e@huawei.com <prakash.e@huawei.com>2022-03-28 19:36:39 +0530
committerKanagaraj Manickam <kanagaraj.manickam@huawei.com>2022-03-30 04:59:58 +0000
commite459087748170d9b0418cf220d1218a08eaa76b2 (patch)
treea2990ead5c9ea2d2de09d8d6ba7ab08aa324d1c6
parent7cb419943bf707205712bb195cf02e73d9dcd6fe (diff)
parameter filePath is not validated before using it.
https://sonarcloud.io/project/issues?resolved=false&severities=BLOCKER&id=onap_vnfsdk-validation&open=AXem3AYTgLw0BJ6Agbf7 Issue-ID: VNFSDK-832 Signed-off-by: prakash.e@huawei.com <prakash.e@huawei.com> Change-Id: Iefa47f59aa13ec5d13fafe1a7a6c874096fd7eb9
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java4
1 files changed, 4 insertions, 0 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java b/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
index fd21b62..1d6b62f 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
@@ -138,6 +138,10 @@ public class FileArchive {
private void extract(ZipInputStream csar, File filePath) throws IOException {
byte[] buffer = new byte[2048];
+ String filePathname = filePath.getPath();
+ if (!filePathname.startsWith(TEMP_DIR)) {
+ throw new IOException("Entry is outside of the target directory");
+ }
try (FileOutputStream fos = new FileOutputStream(filePath);
BufferedOutputStream bos = new BufferedOutputStream(fos, buffer.length)) {
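Review bot: The new guard in `extract` tests `filePath.getPath()` with `String.startsWith(TEMP_DIR)`, a textual prefix check on a path that has not been normalized, so a path with `..` segments after the TEMP_DIR prefix, or a sibling directory whose name merely begins with the same characters, passes it and the `FileOutputStream` below can still open outside the intended directory. Compare normalized paths component-wise instead: `Path target = filePath.toPath().toAbsolutePath().normalize();` followed by `if (!target.startsWith(Paths.get(TEMP_DIR).toAbsolutePath().normalize())) {` (this needs `java.nio.file.Path` and `Paths`; `getCanonicalPath()` is the alternative if symlinks must be resolved as well). TEMP_DIR is defined outside the hunk, so whether it is absolute or ends with a separator cannot be confirmed here; if each archive is unpacked into its own subdirectory, checking against that directory would be tighter than checking against the shared temp root. The try block and the rest of `extract` continue outside the hunk.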