jessikitty/jadx
1
0
Fork 0
Code Issues Pull Requests 1 Actions 1 Packages Projects Releases Wiki Activity

Prevents path traversal attacks thru rc names

Browse Source
This commit is contained in:
Sergey Toshin
2018-06-26 20:26:31 +03:00
parent 6e50ddf5c8
commit ddbcf8bb19
2 changed files with 30 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
jadx-core/src/main/java/jadx/core/utils/files/ZipSecurity.java
+16 -5
View File
@@ -1,6 +1,7 @@
package jadx.core.utils.files;
import java.io.File;
import java.io.IOException;
import java.util.zip.ZipEntry;
import org.slf4j.Logger;
@@ -14,14 +15,24 @@ public class ZipSecurity {
private ZipSecurity() {}
private static boolean isInSubDirectory(File base, File file) {
if (file == null) {
private static boolean isInSubDirectoryInternal(File baseDir, File canonFile) {
if (canonFile == null) {
return false;
}
if (file.equals(base)) {
if (canonFile.equals(baseDir)) {
return true;
}
return isInSubDirectory(base, file.getParentFile());
return isInSubDirectoryInternal(baseDir, canonFile.getParentFile());
}
public static boolean isInSubDirectory(File baseDir, File file) {
try {
file = file.getCanonicalFile();
}
catch(IOException e) {
return false;
}
return isInSubDirectoryInternal(baseDir, file);
}
// checks that entry name contains no any traversals
@@ -30,7 +41,7 @@ public class ZipSecurity {
try {
File currentPath = new File(".").getCanonicalFile();
File canonical = new File(currentPath, entryName).getCanonicalFile();
if (isInSubDirectory(currentPath, canonical)) {
if (isInSubDirectoryInternal(currentPath, canonical)) {
return true;
}
LOG.error("Path traversal attack detected, invalid name: {}", entryName);
jadx-core/src/main/java/jadx/core/xmlgen/ResourcesSaver.java
+14
View File
@@ -13,6 +13,7 @@ import org.slf4j.LoggerFactory;
import jadx.api.ResourceFile;
import jadx.api.ResourceType;
import jadx.core.codegen.CodeWriter;
import jadx.core.utils.files.ZipSecurity;
import static jadx.core.utils.files.FileUtils.prepareFile;
@@ -60,12 +61,25 @@ public class ResourcesSaver implements Runnable {
String ext = FilenameUtils.getExtension(outFile.getName());
try {
outFile = prepareFile(outFile);
if(!ZipSecurity.isInSubDirectory(outDir, outFile)) {
LOG.error("Path traversal attack detected, invalid resource name: {}",
outFile.getPath());
return;
}
ImageIO.write(image, ext, outFile);
} catch (IOException e) {
LOG.error("Failed to save image: {}", rc.getName(), e);
}
return;
}
if(!ZipSecurity.isInSubDirectory(outDir, outFile)) {
LOG.error("Path traversal attack detected, invalid resource name: {}",
rc.getFileName());
return;
}
saveToFile(rc, outFile);
}