-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java9
1 files changed, 6 insertions, 3 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java b/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
index e2aa06b..fd21b62 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
@@ -31,7 +31,7 @@ import java.util.Optional;
import java.util.stream.Stream;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
-
+import static org.onap.cvc.csar.CSARArchive.TEMP_DIR;
public class FileArchive {
@@ -116,8 +116,11 @@ public class FileArchive {
ZipEntry entry;
while ((entry = zipInputStream.getNextEntry()) != null) {
-
- File filePath = new File(destination + File.separator + entry.getName());
+ String pathname = destination + File.separator + entry.getName();
+ if (!pathname.startsWith(TEMP_DIR)) {
+ throw new IOException("Entry is outside of the target directory");
+ }
+ File filePath = new File(pathname);
if(entry.isDirectory()){
filePath.mkdirs();
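Review bot: The new guard `if (!pathname.startsWith(TEMP_DIR))` tests the raw concatenated string, so an entry name containing `..` segments still passes it whenever `destination` lies under TEMP_DIR, because the prefix is unchanged until the path is resolved. It also checks against TEMP_DIR rather than `destination`, which (if TEMP_DIR is shared between archives, not visible here) would accept an entry that lands in a different extraction directory. I would canonicalise first and compare path components: `File filePath = new File(pathname).getCanonicalFile();` then `if (!filePath.toPath().startsWith(new File(String.valueOf(destination)).getCanonicalFile().toPath())) { throw new IOException("Entry is outside of the target directory"); }`. A unit test that unpacks an archive whose entry name contains `../` and expects the IOException would pin the behaviour. The while loop and the enclosing method continue outside this hunk.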