From bf4dc17183e0dd2a80ddf311c66122022abfdfc7 Mon Sep 17 00:00:00 2001
From: teresa
Date: Thu, 31 Jul 2025 01:32:33 +0800
Subject: [PATCH] Fix zip slip vulnerability in unzip utility

Enhanced the unzip method to validate entry paths and prevent zip slip attacks by ensuring extracted files remain within the destination directory. Also improved directory creation and resource management using try-with-resources. references: https://github.com/dylwedma11748/JTegraNX/commit/dd5c2e1a4e6bf659108793eb43ade1ad805689ae https://cwe.mitre.org/data/definitions/22.html
---
 .../hdinsight/util/HDInsightJobViewUtils.java | 44 +++++++++++++------
 1 file changed, 31 insertions(+), 13 deletions(-)

diff --git a/PluginsAndFeatures/azure-toolkit-for-eclipse/com.microsoft.azuretools.hdinsight/src/com/microsoft/azuretools/hdinsight/util/HDInsightJobViewUtils.java b/PluginsAndFeatures/azure-toolkit-for-eclipse/com.microsoft.azuretools.hdinsight/src/com/microsoft/azuretools/hdinsight/util/HDInsightJobViewUtils.java
index a9e28363b4c..4afc66efe3c 100644
--- a/PluginsAndFeatures/azure-toolkit-for-eclipse/com.microsoft.azuretools.hdinsight/src/com/microsoft/azuretools/hdinsight/util/HDInsightJobViewUtils.java
+++ b/PluginsAndFeatures/azure-toolkit-for-eclipse/com.microsoft.azuretools.hdinsight/src/com/microsoft/azuretools/hdinsight/util/HDInsightJobViewUtils.java
@@ -73,21 +73,39 @@ private static void extractFile(ZipInputStream zipIn, String filePath) throws IO
 public static void unzip(String zipFilePath, String destDirectory) throws IOException {
 File destDir = new File(destDirectory);
 if (!destDir.exists()) {
- destDir.mkdir();
+ destDir.mkdirs();
 }
- ZipInputStream zipIn = new ZipInputStream(new FileInputStream(zipFilePath));
- ZipEntry entry = zipIn.getNextEntry();
- while (entry != null) {
- String filePath = destDirectory + File.separator + entry.getName();
- if (!entry.isDirectory()) {
- extractFile(zipIn, filePath);
- } else {
- File dir = new File(filePath);
- dir.mkdir();
+ try (ZipInputStream zipIn = new ZipInputStream(new FileInputStream(zipFilePath))) {
+ ZipEntry entry = zipIn.getNextEntry();
+ while (entry != null) {
+ // Validate entry name to prevent zip slip attacks
+ String entryName = entry.getName();
+ if (entryName.contains("..") || entryName.startsWith("/") || entryName.startsWith("\\")) {
+ throw new IOException("Entry with an illegal path: " + entryName);
+ }
+
+ File destFile = new File(destDir, entryName);
+
+ // Ensure the file is within the destination directory
+ String destDirPath = destDir.getCanonicalPath();
+ String destFilePath = destFile.getCanonicalPath();
+ if (!destFilePath.startsWith(destDirPath + File.separator)) {
+ throw new IOException("Entry is outside of the target dir: " + entryName);
+ }
+
+ if (!entry.isDirectory()) {
+ // Ensure parent directories exist
+ File parent = destFile.getParentFile();
+ if (parent != null && !parent.exists()) {
+ parent.mkdirs();
+ }
+ extractFile(zipIn, destFile.getPath());
+ } else {
+ destFile.mkdirs();
+ }
+ zipIn.closeEntry();
+ entry = zipIn.getNextEntry();
 }
- zipIn.closeEntry();
- entry = zipIn.getNextEntry();
 }
- zipIn.close();
 }
 }
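Review bot: The new `entryName.contains("..")` pre-check rejects legitimate entries whose file name merely contains two consecutive dots (a constructed example: `report..final.txt`), and it enforces nothing that the canonical-path comparison a few lines below does not already cover, so it should be dropped or narrowed to whole path segments equal to `..`, leaving `destFilePath.startsWith(destDirPath + File.separator)` as the single authoritative containment gate. `destDir.getCanonicalPath()` does not change across iterations and belongs before the `try`, as `String destDirPath = destDir.getCanonicalPath();`, which also saves one filesystem round-trip per entry. The return values of `destDir.mkdirs()`, `parent.mkdirs()` and `destFile.mkdirs()` are ignored, so a failed directory creation only surfaces later as a less specific exception from `extractFile`; `Files.createDirectories(destFile.toPath())` (needs `java.nio.file.Files` in scope) would fail at the point of the problem with a clear `IOException`. `extractFile` is defined outside this hunk, so whether the decompressed size written per entry is bounded cannot be confirmed from here and is worth checking in the same review.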