-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java4
1 files changed, 4 insertions, 0 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java b/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
index fd21b62..1d6b62f 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/FileArchive.java
@@ -138,6 +138,10 @@ public class FileArchive {
private void extract(ZipInputStream csar, File filePath) throws IOException {
byte[] buffer = new byte[2048];
+ String filePathname = filePath.getPath();
+ if (!filePathname.startsWith(TEMP_DIR)) {
+ throw new IOException("Entry is outside of the target directory");
+ }
try (FileOutputStream fos = new FileOutputStream(filePath);
BufferedOutputStream bos = new BufferedOutputStream(fos, buffer.length)) {
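Review bot: The new guard in `extract` compares the raw `filePath.getPath()` string against `TEMP_DIR`, and `getPath()` does not resolve `..` segments, so a path that begins with the temp directory and then climbs back out of it still passes; a sibling directory whose name merely starts with the same characters passes as well. Unless the caller already canonicalises `filePath` (not visible in this hunk), compare normalised paths component-wise instead: `Path target = filePath.toPath().toAbsolutePath().normalize();` then `if (!target.startsWith(Paths.get(TEMP_DIR).toAbsolutePath().normalize())) { throw new IOException("Entry is outside of the target directory"); }`. Using `getCanonicalFile()` on both sides would additionally resolve symlinks inside the extraction directory. The body of `extract` continues past the end of the hunk, and a unit test feeding an archive whose entry name contains `..` segments would pin the intended rejection.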