66import java .util .zip .ZipException ;
77import java .util .zip .ZipFile ;
88import java .util .zip .ZipInputStream ;
9+ import java .nio .file .Path ;
10+ import java .nio .file .Paths ;
911
1012public class ZipUtils {
1113
@@ -29,7 +31,7 @@ public static void unZipIt(String zipFilePath, String outputFolder) {
2931 ZipEntry ze = zis .getNextEntry ();
3032 while (ze != null ) {
3133 String fileName = ze .getName ();
32- File newFile = new File ( outputFolder + File . separator + fileName );
34+ File newFile = protectZipSlip ( fileName , outputFolder );
3335 //大部分网络上的源码,这里没有判断子目录
3436 if (ze .isDirectory ()) {
3537 if (!newFile .mkdirs ()) {
@@ -60,7 +62,7 @@ public static void unzip(File source, String out) throws IOException {
6062
6163 while (entry != null ) {
6264
63- File file = new File ( out , entry .getName ());
65+ File file = protectZipSlip ( entry .getName (), out );
6466
6567 if (entry .isDirectory ()) {
6668 if (!file .mkdirs ()) {
@@ -130,4 +132,17 @@ public static void upZipFile(File zipFile, String folderPath) throws ZipExceptio
130132
131133 }
132134 }
135+ public static File protectZipSlip (String fileName , String destDir ) throws IOException {
136+ Path destPath = Paths .get (destDir );
137+ Path resolvedDest = destPath .resolve (fileName );
138+ Path normalizedPath = resolvedDest .normalize ();
139+
140+ // checking whether zipEntry filename has changed the destination
141+ if (!normalizedPath .startsWith (destDir )) {
142+ throw new IOException ("Malicious zip entry found: " + fileName );
143+ }
144+
145+ File newFile = normalizedPath .toFile ();
146+ return newFile ;
147+ }
133148}
0 commit comments