You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Sylwester Lachiewicz (Jira)" <ji...@apache.org> on 2020/06/18 11:47:00 UTC

[jira] [Updated] (MNG-6942) Arbitrary file write during archive extraction ("Zip Slip") in wrapper

     [ https://issues.apache.org/jira/browse/MNG-6942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sylwester Lachiewicz updated MNG-6942:
--------------------------------------
    Description: 
In Maven Wrapper Installer [https://github.com/apache/maven/blob/ef8c95eb397651e10f677763dfcd9c8cea7c27b0/maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java]
  
{code:java}
 ZipEntry entry = entries.nextElement();
 if ( entry.isDirectory() )
 {
  continue;
 }
 Path targetFile = dest.resolve( entry.getName() );

// Unsanitized archive entry, which may contain '..', is used in a file system operation.
  // prevent Zip Slip
if ( targetFile.startsWith( dest ) ) 
{
   Files.createDirectories( targetFile.getParent() );
   Files.copy( zipFile.getInputStream( entry ), targetFile );
}
{code}
 

 Found via LGTM.com scan

  was:
In Maven Wrapper Installer [https://github.com/apache/maven/blob/ef8c95eb397651e10f677763dfcd9c8cea7c27b0/maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java]
  
{code:java}
 ZipEntry entry = entries.nextElement();
 if ( entry.isDirectory() )
 {
  continue;
 }
 Path targetFile = dest.resolve( entry.getName() );

// Unsanitized archive entry, which may contain '..', is used in a file system operation.
  // prevent Zip Slip
if ( targetFile.startsWith( dest ) ) 
{
   Files.createDirectories( targetFile.getParent() );
   Files.copy( zipFile.getInputStream( entry ), targetFile );
}
{code}
 

 


> Arbitrary file write during archive extraction ("Zip Slip") in wrapper
> ----------------------------------------------------------------------
>
>                 Key: MNG-6942
>                 URL: https://issues.apache.org/jira/browse/MNG-6942
>             Project: Maven
>          Issue Type: Bug
>          Components: maven wrapper
>    Affects Versions: 3.7.0
>            Reporter: Sylwester Lachiewicz
>            Priority: Major
>
> In Maven Wrapper Installer [https://github.com/apache/maven/blob/ef8c95eb397651e10f677763dfcd9c8cea7c27b0/maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java]
>   
> {code:java}
>  ZipEntry entry = entries.nextElement();
>  if ( entry.isDirectory() )
>  {
>   continue;
>  }
>  Path targetFile = dest.resolve( entry.getName() );
> // Unsanitized archive entry, which may contain '..', is used in a file system operation.
>   // prevent Zip Slip
> if ( targetFile.startsWith( dest ) ) 
> {
>    Files.createDirectories( targetFile.getParent() );
>    Files.copy( zipFile.getInputStream( entry ), targetFile );
> }
> {code}
>  
>  Found via LGTM.com scan



--
This message was sent by Atlassian Jira
(v8.3.4#803005)