diff options
author | Sébastien Lesaint <sebastien.lesaint@sonarsource.com> | 2018-05-21 09:55:26 +0200 |
---|---|---|
committer | SonarTech <sonartech@sonarsource.com> | 2018-05-29 20:20:47 +0200 |
commit | 9c10956d8a65e1e3a851691d69cee367ac4e0869 (patch) | |
tree | dc3732bf3422b39fbbfe5d0f92ea5a9f995ab819 /sonar-plugin-api | |
parent | 00056ffb7e4bb18ad4ce36b98d2671fd3902fad3 (diff) | |
download | sonarqube-9c10956d8a65e1e3a851691d69cee367ac4e0869.tar.gz sonarqube-9c10956d8a65e1e3a851691d69cee367ac4e0869.zip |
SONAR-10661 minimize normalize calls
Diffstat (limited to 'sonar-plugin-api')
-rw-r--r-- | sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java b/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java index a4fdbae4890..06140551ab8 100644 --- a/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java +++ b/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java @@ -85,12 +85,13 @@ public final class ZipUtils { FileUtils.forceMkdir(toDir); } + Path targetDirNormalizedPath = toDir.toPath().normalize(); ZipInputStream zipStream = new ZipInputStream(stream); try { ZipEntry entry; while ((entry = zipStream.getNextEntry()) != null) { if (filter.test(entry)) { - unzipEntry(entry, zipStream, toDir); + unzipEntry(entry, zipStream, targetDirNormalizedPath); } } return toDir; @@ -100,9 +101,9 @@ public final class ZipUtils { } } - private static void unzipEntry(ZipEntry entry, ZipInputStream zipStream, File toDir) throws IOException { - File to = new File(toDir, entry.getName()); - verifyInsideTargetDirectory(entry, to.toPath(), toDir.toPath()); + private static void unzipEntry(ZipEntry entry, ZipInputStream zipStream, Path targetDirNormalized) throws IOException { + File to = targetDirNormalized.resolve(entry.getName()).toFile(); + verifyInsideTargetDirectory(entry, to.toPath(), targetDirNormalized); if (entry.isDirectory()) { throwExceptionIfDirectoryIsNotCreatable(to); @@ -245,8 +246,8 @@ public final class ZipUtils { } } - private static void verifyInsideTargetDirectory(ZipEntry entry, Path entryPath, Path targetDirPath) { - if (!entryPath.normalize().startsWith(targetDirPath.normalize())) { + private static void verifyInsideTargetDirectory(ZipEntry entry, Path entryPath, Path targetDirNormalizedPath) { + if (!entryPath.normalize().startsWith(targetDirNormalizedPath)) { // vulnerability - trying to create a file outside the target directory throw new IllegalStateException("Unzipping an entry outside the target directory is not allowed: " + entry.getName()); } |