Adjusted codemod

andrecsilva · andrecsilva · commit 8440c7def33d · 2024-11-21T06:54:52.000-03:00
diff --git a/framework/codemodder-base/src/main/java/io/codemodder/remediation/zipslip/ZipEntryStartFixStrategy.java b/framework/codemodder-base/src/main/java/io/codemodder/remediation/zipslip/ZipEntryStartFixStrategy.java
@@ -10,6 +10,8 @@
 import com.github.javaparser.ast.expr.MethodCallExpr;
 import io.codemodder.remediation.RemediationStrategy;
 import io.codemodder.remediation.SuccessOrReason;
+
+import java.lang.invoke.MethodHandleInfo;
 import java.util.Optional;
 
 /** Fixes ZipSlip vulnerabilities where a ZipEntry starts the data flow. */
@@ -70,8 +72,16 @@ String sanitizeZipFilename(String entryName) {
 
   /** Return true if it appears to be a ZipEntry#getName() call. */
   static boolean match(final Node node) {
-    return node instanceof MethodCallExpr call
-        && call.getScope().isPresent()
-        && "getName".equals(call.getNameAsString());
+    return
+            Optional.of(node)
+                    .map(n -> n instanceof MethodCallExpr mce ? mce : null)
+                    .filter(mce -> mce.hasScope())
+                    .filter(mce -> "getName".equals(mce.getNameAsString()))
+                    // Not already sanitized
+                    .filter(mce ->  mce.getParentNode()
+                            .map(p -> p instanceof MethodCallExpr m ? m : null)
+                            .filter(m -> "sanitizeZipFilename".equals(m.getNameAsString()))
+                            .isEmpty())
+                    .isPresent();
   }
 }
