Adds more checks for file write ops
This commit is contained in:
@@ -3,6 +3,7 @@ package jadx.core.codegen;
|
||||
import jadx.api.CodePosition;
|
||||
import jadx.core.dex.attributes.nodes.LineAttrNode;
|
||||
import jadx.core.utils.files.FileUtils;
|
||||
import jadx.core.utils.files.ZipSecurity;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.PrintWriter;
|
||||
@@ -272,10 +273,16 @@ public class CodeWriter {
|
||||
}
|
||||
|
||||
public void save(File dir, String subDir, String fileName) {
|
||||
if(!ZipSecurity.isValidZipEntryName(subDir) || !ZipSecurity.isValidZipEntryName(fileName)) {
|
||||
return;
|
||||
}
|
||||
save(dir, new File(subDir, fileName).getPath());
|
||||
}
|
||||
|
||||
public void save(File dir, String fileName) {
|
||||
if(!ZipSecurity.isValidZipEntryName(fileName)) {
|
||||
return;
|
||||
}
|
||||
save(new File(dir, fileName));
|
||||
}
|
||||
|
||||
|
||||
@@ -4,6 +4,7 @@ import jadx.api.IJadxArgs;
|
||||
import jadx.core.codegen.CodeWriter;
|
||||
import jadx.core.dex.nodes.ClassNode;
|
||||
import jadx.core.utils.exceptions.CodegenException;
|
||||
import jadx.core.utils.files.ZipSecurity;
|
||||
|
||||
import java.io.File;
|
||||
|
||||
@@ -25,7 +26,7 @@ public class SaveCode extends AbstractVisitor {
|
||||
public static void save(File dir, IJadxArgs args, ClassNode cls) {
|
||||
CodeWriter clsCode = cls.getCode();
|
||||
String fileName = cls.getClassInfo().getFullPath() + ".java";
|
||||
if (args.isFallbackMode()) {
|
||||
if (args.isFallbackMode()) {
|
||||
fileName += ".jadx";
|
||||
}
|
||||
clsCode.save(dir, fileName);
|
||||
|
||||
@@ -10,7 +10,7 @@ public class ZipSecurity {
|
||||
private static final Logger LOG = LoggerFactory.getLogger(ZipSecurity.class);
|
||||
|
||||
// size of uncompressed zip entry shouldn't be bigger of compressed in MAX_SIZE_DIFF times
|
||||
private static final int MAX_SIZE_DIFF = 5;
|
||||
private static final int MAX_SIZE_DIFF = 10;
|
||||
|
||||
private static boolean isInSubDirectory(File base, File file) {
|
||||
if (file == null) {
|
||||
@@ -32,11 +32,11 @@ public class ZipSecurity {
|
||||
if(isInSubDirectory(currentPath, canonical)) {
|
||||
return true;
|
||||
}
|
||||
LOG.debug("Path traversal attack detected, invalid name: {}", entryName);
|
||||
LOG.error("Path traversal attack detected, invalid name: {}", entryName);
|
||||
return false;
|
||||
}
|
||||
catch(Exception e) {
|
||||
LOG.debug("Path traversal attack detected, invalid name: {}", entryName);
|
||||
LOG.error("Path traversal attack detected, invalid name: {}", entryName);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@@ -48,7 +48,8 @@ public class ZipSecurity {
|
||||
return true;
|
||||
}
|
||||
if(compressedSize * MAX_SIZE_DIFF < uncompressedSize) {
|
||||
LOG.debug("Zip bomp attack detected, invalid sizes: compressed {}, uncompressed {}", compressedSize, uncompressedSize);
|
||||
LOG.error("Zip bomp attack detected, invalid sizes: compressed {}, uncompressed {}, name {}",
|
||||
compressedSize, uncompressedSize, entry.getName());
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
||||
Reference in New Issue
Block a user