
Commit 4953e49

Java: Add test for sanitization using toAbsolutePath().
1 parent bf6b7c4 commit 4953e49

1 file changed

Lines changed: 10 additions & 0 deletions

java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java

@@ -41,4 +41,14 @@ public void m4(ZipEntry entry, File dir) {
4141
validate(dir, file);
4242
FileOutputStream os = new FileOutputStream(file); // OK
4343
}
44+
45+
public void m5(ZipEntry entry, File dir) {
46+
String name = entry.getName();
47+
File file = new File(dir, name);
48+
Path absfile = file.toPath().toAbsolutePath().normalize();
49+
Path absdir = dir.toPath().toAbsolutePath().normalize();
50+
if (!absfile.startsWith(absdir))
51+
throw new Exception();
52+
FileOutputStream os = new FileOutputStream(file); // OK
53+
}
4454
}
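
Review bot: m5 throws a checked `Exception` at new line 51, but its signature `public void m5(ZipEntry entry, File dir)` has no throws clause, so javac would reject it as written; add `throws Exception` (the `new FileOutputStream(file)` call also throws a checked FileNotFoundException) or throw an unchecked exception instead. The test also covers only the accepted case: the guard compares `absfile` and `absdir` after `toAbsolutePath().normalize()`, while the sink opens the original `file`. A companion method that drops `normalize()` from the same `startsWith` check, with the result the query is expected to give for it recorded next to the sink, would show whether the `// OK` result depends on normalization or on the `startsWith` comparison alone. The hunk does not show the file's imports, so confirm that `java.nio.file.Path` is imported.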
