From 8a45602ae6c448192ff56a79fe0b25a9820703ff Mon Sep 17 00:00:00 2001
From: Jan S <jpstotz@users.noreply.github.com>
Date: Thu, 6 Oct 2022 20:31:42 +0200
Subject: [PATCH] fix: improve logging messages for zip security errors
 (#750)(PR #1698)

Logging error messages on invalid file-names or path traversal attacks improved
---
 jadx-core/src/main/java/jadx/core/xmlgen/ResourcesSaver.java  | 2 +-
 .../src/main/java/jadx/api/plugins/utils/ZipSecurity.java     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/jadx-core/src/main/java/jadx/core/xmlgen/ResourcesSaver.java b/jadx-core/src/main/java/jadx/core/xmlgen/ResourcesSaver.java
index 2583e57be..1bfa675f1 100644
--- a/jadx-core/src/main/java/jadx/core/xmlgen/ResourcesSaver.java
+++ b/jadx-core/src/main/java/jadx/core/xmlgen/ResourcesSaver.java
@@ -49,7 +49,7 @@ public class ResourcesSaver implements Runnable {
 	private void save(ResContainer rc, File outDir) {
 		File outFile = new File(outDir, rc.getFileName());
 		if (!ZipSecurity.isInSubDirectory(outDir, outFile)) {
-			LOG.error("Path traversal attack detected, invalid resource name: {}", outFile.getPath());
+			LOG.error("Invalid resource name or path traversal attack detected: {}", outFile.getPath());
 			return;
 		}
 		saveToFile(rc, outFile);
diff --git a/jadx-plugins/jadx-plugins-api/src/main/java/jadx/api/plugins/utils/ZipSecurity.java b/jadx-plugins/jadx-plugins-api/src/main/java/jadx/api/plugins/utils/ZipSecurity.java
index a5911441f..f310b58c6 100644
--- a/jadx-plugins/jadx-plugins-api/src/main/java/jadx/api/plugins/utils/ZipSecurity.java
+++ b/jadx-plugins/jadx-plugins-api/src/main/java/jadx/api/plugins/utils/ZipSecurity.java
@@ -53,10 +53,10 @@ public class ZipSecurity {
 			if (isInSubDirectoryInternal(currentPath, canonical)) {
 				return true;
 			}
-			LOG.error("Path traversal attack detected, invalid name: {}", entryName);
+			LOG.error("Invalid file name or path traversal attack detected: {}", entryName);
 			return false;
 		} catch (Exception e) {
-			LOG.error("Path traversal attack detected, invalid name: {}", entryName);
+			LOG.error("Invalid file name or path traversal attack detected: {}", entryName);
 			return false;
 		}
 	}