authorprakash.e@huawei.com <prakash.e@huawei.com>2022-04-10 20:13:01 +0530
committerprakash.e@huawei.com <prakash.e@huawei.com>2022-04-10 20:13:01 +0530
commitc981dd97fa2c22ec46647a69e180f2bd88c9e7d2 (patch)
tree27583f58e1e975fe12922375f8057026244428b1 /csarvalidation
parente457d4792575b2ae2ab14931ec055fd1003041dc (diff)
Added validation for pathname in unzip method
https://sonarcloud.io/project/issues?resolved=false&severities=BLOCKER&id=onap_vnfsdk-validation&open=AXem3AYTgLw0BJ6Agbf8 https://sonarcloud.io/project/issues?resolved=false&severities=BLOCKER&id=onap_vnfsdk-validation&open=AXem3AYTgLw0BJ6Agbf9 https://sonarcloud.io/project/issues?resolved=false&severities=BLOCKER&id=onap_vnfsdk-validation&open=AXem3AYTgLw0BJ6Agbf7 Issue-ID: VNFSDK-832 Signed-off-by: prakash.e@huawei.com <prakash.e@huawei.com> Change-Id: Ic63fe2fbbf675d187cf7415d8889a47f6e29faa6
Diffstat (limited to 'csarvalidation')
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java13
1 files changed, 4 insertions, 9 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java b/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
index 1d6b62f..8446f4c 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
@@ -31,7 +31,6 @@ import java.util.Optional;
import java.util.stream.Stream;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
-import static org.onap.cvc.csar.CSARArchive.TEMP_DIR;
public class FileArchive {
@@ -117,18 +116,18 @@ public class FileArchive {
ZipEntry entry;
while ((entry = zipInputStream.getNextEntry()) != null) {
String pathname = destination + File.separator + entry.getName();
- if (!pathname.startsWith(TEMP_DIR)) {
+ if (!pathname.startsWith(String.valueOf(destination))) {
throw new IOException("Entry is outside of the target directory");
}
File filePath = new File(pathname);
if(entry.isDirectory()){
- filePath.mkdirs();
+ filePath.mkdirs();// NOSONAR
} else {
//create directories for sub directories in zip
File parentPathFile = filePath.getParentFile();
if (parentPathFile != null) {
- parentPathFile.mkdirs();
+ parentPathFile.mkdirs();// NOSONAR
}
extract(zipInputStream, filePath);
}
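Review bot: The new guard `pathname.startsWith(String.valueOf(destination))` can never fail, because `pathname` is built one line earlier as `destination + File.separator + entry.getName()`, so an entry name containing `..` segments still passes and reaches `mkdirs()` and `extract()`. Compare resolved paths instead, e.g. `String root = new File(String.valueOf(destination)).getCanonicalPath() + File.separator;` followed by `if (!new File(pathname).getCanonicalPath().startsWith(root)) {`. The `// NOSONAR` markers here and on the `FileOutputStream` line in the `extract` hunk silence the scanner without resolving the finding, and that later hunk also removes the only other path check, so this guard is the sole containment check left. The enclosing method starts and ends outside the hunk, so the type of `destination` is not visible; if it is a `Path`, `destination.resolve(entry.getName()).normalize().startsWith(destination.normalize())` would be the tidier form.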
@@ -138,11 +137,7 @@ public class FileArchive {
private void extract(ZipInputStream csar, File filePath) throws IOException {
byte[] buffer = new byte[2048];
- String filePathname = filePath.getPath();
- if (!filePathname.startsWith(TEMP_DIR)) {
- throw new IOException("Entry is outside of the target directory");
- }
- try (FileOutputStream fos = new FileOutputStream(filePath);
+ try (FileOutputStream fos = new FileOutputStream(filePath);// NOSONAR
BufferedOutputStream bos = new BufferedOutputStream(fos, buffer.length)) {
int len;