From 9c10956d8a65e1e3a851691d69cee367ac4e0869 Mon Sep 17 00:00:00 2001
From: =?utf8?q?S=C3=A9bastien=20Lesaint?=
Date: Mon, 21 May 2018 09:55:26 +0200
Subject: [PATCH] SONAR-10661 minimize normalize calls
---
 .../src/main/java/org/sonar/api/utils/ZipUtils.java | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java b/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java
index a4fdbae4890..06140551ab8 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java
@@ -85,12 +85,13 @@ public final class ZipUtils {
 FileUtils.forceMkdir(toDir);
 }
+ Path targetDirNormalizedPath = toDir.toPath().normalize();
 ZipInputStream zipStream = new ZipInputStream(stream);
 try {
 ZipEntry entry;
 while ((entry = zipStream.getNextEntry()) != null) {
 if (filter.test(entry)) {
- unzipEntry(entry, zipStream, toDir);
+ unzipEntry(entry, zipStream, targetDirNormalizedPath);
 }
 }
 return toDir;
@@ -100,9 +101,9 @@ public final class ZipUtils {
 }
 }
- private static void unzipEntry(ZipEntry entry, ZipInputStream zipStream, File toDir) throws IOException {
- File to = new File(toDir, entry.getName());
- verifyInsideTargetDirectory(entry, to.toPath(), toDir.toPath());
+ private static void unzipEntry(ZipEntry entry, ZipInputStream zipStream, Path targetDirNormalized) throws IOException {
+ File to = targetDirNormalized.resolve(entry.getName()).toFile();
+ verifyInsideTargetDirectory(entry, to.toPath(), targetDirNormalized);
 if (entry.isDirectory()) {
 throwExceptionIfDirectoryIsNotCreatable(to);
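Review bot: The added `toDir.toPath().normalize()` is a purely lexical operation, so a relative `toDir` stays relative and any leading `..` elements survive normalization; the later `startsWith` containment check then compares name elements of two relative paths and is only as reliable as the way the caller spelled the directory. Since the value is now computed once for the whole extraction, this is the natural place to anchor it: `Path targetDirNormalizedPath = toDir.toPath().toAbsolutePath().normalize();`. Neither form resolves symbolic links, so if the target directory can contain links, a comment stating that the check is lexical only would help. The enclosing method starts and ends outside the hunk.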
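Review bot: In the new `unzipEntry`, `targetDirNormalized.resolve(entry.getName())` does not behave like the removed `new File(toDir, entry.getName())` for two kinds of entry name: an absolute name makes `resolve` return that name unchanged instead of keeping it under the parent, and a name that is not a valid path on the platform raises the unchecked `InvalidPathException` rather than an `IOException`. The first case is presumably still rejected by `verifyInsideTargetDirectory`, but that call is now the only guard between an archive entry and a location outside the target, which deserves a comment and a test with an absolute entry name. The `Path` to `File` to `Path` round trip can be dropped at the same time: `Path entryPath = targetDirNormalized.resolve(entry.getName());`, `verifyInsideTargetDirectory(entry, entryPath, targetDirNormalized);`, `File to = entryPath.toFile();`. The method body continues past the end of the hunk.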
@@ -245,8 +246,8 @@ public final class ZipUtils {
 }
 }
- private static void verifyInsideTargetDirectory(ZipEntry entry, Path entryPath, Path targetDirPath) {
- if (!entryPath.normalize().startsWith(targetDirPath.normalize())) {
+ private static void verifyInsideTargetDirectory(ZipEntry entry, Path entryPath, Path targetDirNormalizedPath) {
+ if (!entryPath.normalize().startsWith(targetDirNormalizedPath)) {
 // vulnerability - trying to create a file outside the target directory
 throw new IllegalStateException("Unzipping an entry outside the target directory is not allowed: " + entry.getName());
 }
-- 
2.39.5
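Review bot: `verifyInsideTargetDirectory` now relies on its third argument being already normalized, and that precondition is carried only by the parameter name `targetDirNormalizedPath`; a future caller passing `toDir.toPath()` directly would silently get a containment check against an un-normalized prefix. I would add a short Javadoc on the method: `/** Rejects an entry whose normalized path is not under targetDirNormalizedPath, which the caller must already have normalized. */`. The same parameter is called `targetDirNormalized` in `unzipEntry`, so one name for both would make the contract easier to follow. The exception message embeds `entry.getName()` taken from the archive, so callers that log it should treat it as untrusted text.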