[BugFix]修复不安全的压缩路径遍历

core/src/main/java/com/yizhuan/xchat_android_core/room/face/DynamicFaceModel.java

@@ -768,6 +768,12 @@ public class DynamicFaceModel extends BaseModel implements IDynamicFaceModel {
                         continue;
                     }
                     file = new File(parent, entry.getName());
+                    try {
+                        ensureZipPathSafety(file, parent);
+                    } catch (Exception e) {
+                        e.printStackTrace();
+                        return;
+                    }
                     if (!file.exists()) {
                         (new File(file.getParent())).mkdirs();
                     } else if (file.exists() && file.isFile() && file.length() > 0) {
@@ -796,6 +802,14 @@ public class DynamicFaceModel extends BaseModel implements IDynamicFaceModel {
         }).start();
     }
 
+    private void ensureZipPathSafety(final File outputFile, final String destDirectory) throws Exception {
+        String destDirCanonicalPath = (new File(destDirectory)).getCanonicalPath();
+        String outputFileCanonicalPath = outputFile.getCanonicalPath();
+        if (!outputFileCanonicalPath.startsWith(destDirCanonicalPath)) {
+            throw new Exception(String.format("Found Zip Path Traversal Vulnerability with %s", destDirCanonicalPath));
+        }
+    }
+
     private interface Api {
         @GET
         @Streaming

gradle.properties

@@ -33,5 +33,5 @@ TARGET_SDK_VERSION=32
 version_name=1.5.5
 version_code=155
 
-systemProp.https.proxyHost=127.0.0.1
-systemProp.https.proxyPort=9999
+#systemProp.https.proxyHost=127.0.0.1
+#systemProp.https.proxyPort=9999