Zip 路径遍历漏洞警报（Android）

时间:2020-08-03 14:29:41

标签: android android-security

我在 Google Play 控制台中收到了“Zip Path Traversal Vulnerability”警报。

我按照 Google 的官方文档（https://support.google.com/faqs/answer/9294009）进行了修复，但警报仍然存在。

下面是处理解压缩的代码。我甚至用一个包含该漏洞所描述路径的 zip 文件进行了测试，异常也按预期抛出了。

我遗漏了什么？

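/**
 * Extracts every entry of {@code zipFile} below {@code outputDirectory}.
 *
 * <p>The archive is read twice: the first pass only validates entry names and
 * counts them, so an unsafe archive is rejected before anything is written; the
 * second pass writes the files. Each entry name is resolved against
 * {@code outputDirectory} and rejected when its canonical path is not the output
 * directory itself or a path strictly below it (Zip Path Traversal,
 * https://support.google.com/faqs/answer/9294009). The prefix comparison
 * includes a trailing {@link File#separator}: a bare {@code startsWith} on the
 * directory path would also accept a sibling directory whose name merely begins
 * with the output directory's name (e.g. {@code out} vs {@code out2}).
 *
 * <p>All streams are opened with try-with-resources so they are closed even when
 * reading or writing throws.
 *
 * @param zipFile         archive to read
 * @param outputDirectory directory under which entries are written
 * @param progress        not invoked by this method; presumably intended to receive
 *                        the entry counts computed below — confirm against callers
 * @return {@code true} when every entry was written, {@code false} when an I/O
 *         error occurred or an entry was rejected as unsafe
 */
private boolean unpackZip(File zipFile, File outputDirectory, IOnResult<Integer> progress) {
    try {
        // Canonicalize the root once; every entry is compared against this value.
        final String canonicalRoot = outputDirectory.getCanonicalPath();

        // Pass 1: validate and count. Counts are kept for parity with the original
        // code; nothing reads them yet (see the note on {@code progress}).
        int totalEntries = 0;
        try (ZipInputStream zisCount =
                     new ZipInputStream(new BufferedInputStream(new FileInputStream(zipFile)))) {
            ZipEntry ze;
            while ((ze = zisCount.getNextEntry()) != null) {
                resolveSafely(outputDirectory, canonicalRoot, ze.getName());
                totalEntries++;
                zisCount.closeEntry();
            }
        }

        // Pass 2: extract.
        int entryCount = 0;
        byte[] buffer = new byte[1024];
        try (ZipInputStream zis =
                     new ZipInputStream(new BufferedInputStream(new FileInputStream(zipFile)))) {
            ZipEntry ze;
            while ((ze = zis.getNextEntry()) != null) {
                String filename = ze.getName();
                File outputFile = resolveSafely(outputDirectory, canonicalRoot, filename);

                if (ze.isDirectory()) {
                    ensureDirectory(outputFile);
                    zis.closeEntry();
                    continue;
                }

                // Archives need not carry explicit directory entries, so the
                // parent chain may have to be created here. mkdirs() creates the
                // whole chain; the original one-level mkdir() loop only created the
                // outermost missing directory.
                File parent = outputFile.getParentFile();
                if (parent != null) {
                    ensureDirectory(parent);
                }

                try (FileOutputStream fout = new FileOutputStream(outputFile)) {
                    Log.d(TAG, "unzipped " + filename);
                    int count;
                    while ((count = zis.read(buffer)) != -1) {
                        fout.write(buffer, 0, count);
                    }
                }
                zis.closeEntry();
                entryCount++;
            }
        }
    } catch (IOException | SecurityException e) {
        Log.e(TAG, "unpackZip", e);
        return false;
    }

    return true;
}

/**
 * Resolves {@code entryName} under {@code outputDirectory} and rejects it unless the
 * canonical result is {@code canonicalRoot} itself or lies strictly below it.
 *
 * @param outputDirectory extraction root
 * @param canonicalRoot   canonical path of {@code outputDirectory}
 * @param entryName       entry name as stored in the archive (untrusted)
 * @return the resolved target file
 * @throws IOException       if the path cannot be canonicalized
 * @throws SecurityException if the entry would escape {@code outputDirectory}
 */
private File resolveSafely(File outputDirectory, String canonicalRoot, String entryName)
        throws IOException {
    File target = new File(outputDirectory, entryName);
    String targetPath = target.getCanonicalPath();
    // Compare against "<root><separator>" so "/data/out2/x" is not accepted for
    // root "/data/out". A root that already ends with the separator (the
    // filesystem root) is used as-is.
    String prefix = canonicalRoot.endsWith(File.separator)
            ? canonicalRoot
            : canonicalRoot + File.separator;
    if (!targetPath.equals(canonicalRoot) && !targetPath.startsWith(prefix)) {
        throw new SecurityException("Archive security error");
    }
    return target;
}

/**
 * Creates {@code dir} and any missing ancestors.
 *
 * @param dir directory to create
 * @throws IOException if the directory does not exist after the attempt
 */
private void ensureDirectory(File dir) throws IOException {
    // mkdirs() returns false both on failure and when the directory already
    // exists, so the result alone cannot be trusted.
    if (!dir.mkdirs() && !dir.isDirectory()) {
        throw new IOException("Could not create directory " + dir);
    }
}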
