diff --git a/core/src/main/java/com/yizhuan/xchat_android_core/room/face/DynamicFaceModel.java b/core/src/main/java/com/yizhuan/xchat_android_core/room/face/DynamicFaceModel.java
index 71bf36d63..2d87ae324 100644
--- a/core/src/main/java/com/yizhuan/xchat_android_core/room/face/DynamicFaceModel.java
+++ b/core/src/main/java/com/yizhuan/xchat_android_core/room/face/DynamicFaceModel.java
@@ -768,6 +768,12 @@ public class DynamicFaceModel extends BaseModel implements IDynamicFaceModel {
                         continue;
                     }
                     file = new File(parent, entry.getName());
+                    try {
+                        ensureZipPathSafety(file, parent);
+                    } catch (Exception e) {
+                        e.printStackTrace();
+                        return;
+                    }
                     if (!file.exists()) {
                         (new File(file.getParent())).mkdirs();
                     } else if (file.exists() && file.isFile() && file.length() > 0) {
@@ -796,6 +802,14 @@ public class DynamicFaceModel extends BaseModel implements IDynamicFaceModel {
         }).start();
     }
 
+    private void ensureZipPathSafety(final File outputFile, final String destDirectory) throws Exception {
+        String destDirCanonicalPath = (new File(destDirectory)).getCanonicalPath();
+        String outputFileCanonicalPath = outputFile.getCanonicalPath();
+        if (!outputFileCanonicalPath.startsWith(destDirCanonicalPath)) {
+            throw new Exception(String.format("Found Zip Path Traversal Vulnerability with %s", destDirCanonicalPath));
+        }
+    }
+
     private interface Api {
         @GET
         @Streaming
diff --git a/gradle.properties b/gradle.properties
index b427cdbc8..1d3f9bce6 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -33,5 +33,5 @@ TARGET_SDK_VERSION=32
 version_name=1.5.5
 version_code=155
-systemProp.https.proxyHost=127.0.0.1
-systemProp.https.proxyPort=9999
\ No newline at end of file
+#systemProp.https.proxyHost=127.0.0.1
+#systemProp.https.proxyPort=9999
\ No newline at end of file
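Review bot: The new `catch (Exception e)` block in the first hunk swallows the rejection with `e.printStackTrace()` and a bare `return`, so a rejected entry ends the extraction silently while every entry already written under `parent` stays on disk and the caller has no signal that the archive was refused. The enclosing extraction routine starts and ends outside the hunk, so I cannot see how completion is reported, but the failure should reach the same channel as other extraction errors (the project's logger or the completion callback) rather than stderr, and it is worth deleting the partially extracted directory before returning so a half-applied face pack is not left behind. At minimum replace the stderr print with a logged message that names the offending entry, e.g. `Log.w(TAG, "rejected zip entry " + entry.getName(), e);` if the class already has a `TAG`, and consider `return` only after cleaning up `parent`.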
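Review bot: `ensureZipPathSafety` in the second hunk compares canonical paths with a bare `startsWith`, which also accepts a sibling directory whose name merely extends the destination's (a destination of `.../faces/ab` accepts `.../faces/abc/x`); the prefix must end at a path separator to be a containment check. Change the condition to `if (!outputFileCanonicalPath.startsWith(destDirCanonicalPath + File.separator)) {` (the destination itself is never a legitimate file target here, since the caller passes `new File(parent, entry.getName())`). The method also throws raw `Exception`, which the first hunk then has to catch broadly; throwing `IOException` (already what `getCanonicalPath()` throws) keeps the signature honest and still matches the existing `catch (Exception e)`. Including `outputFileCanonicalPath` in the message would make the rejected entry visible in logs instead of only the destination directory.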
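Review bot: The gradle.properties hunk leaves the `systemProp.https.proxyHost`/`proxyPort` lines in place as comments rather than removing them, so a loopback intercepting-proxy setting stays in the shared build config and is one uncomment away from silently routing every developer's and CI's HTTPS dependency traffic through a local listener. Machine-specific proxy settings belong in the user-level `~/.gradle/gradle.properties`, not in the repository; deleting the two lines is the cleaner change. The file also still ends without a trailing newline, which is worth fixing in the same commit.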