aboutsummaryrefslogtreecommitdiffstats
path: root/sonar-plugin-api
diff options
context:
space:
mode:
authorSébastien Lesaint <sebastien.lesaint@sonarsource.com>2018-05-21 09:55:26 +0200
committerSonarTech <sonartech@sonarsource.com>2018-05-29 20:20:47 +0200
commit9c10956d8a65e1e3a851691d69cee367ac4e0869 (patch)
treedc3732bf3422b39fbbfe5d0f92ea5a9f995ab819 /sonar-plugin-api
parent00056ffb7e4bb18ad4ce36b98d2671fd3902fad3 (diff)
downloadsonarqube-9c10956d8a65e1e3a851691d69cee367ac4e0869.tar.gz
sonarqube-9c10956d8a65e1e3a851691d69cee367ac4e0869.zip
SONAR-10661 minimize normalize calls
Diffstat (limited to 'sonar-plugin-api')
-rw-r--r--sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java13
1 files changed, 7 insertions, 6 deletions
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java b/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java
index a4fdbae4890..06140551ab8 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/utils/ZipUtils.java
@@ -85,12 +85,13 @@ public final class ZipUtils {
FileUtils.forceMkdir(toDir);
}
+ Path targetDirNormalizedPath = toDir.toPath().normalize();
ZipInputStream zipStream = new ZipInputStream(stream);
try {
ZipEntry entry;
while ((entry = zipStream.getNextEntry()) != null) {
if (filter.test(entry)) {
- unzipEntry(entry, zipStream, toDir);
+ unzipEntry(entry, zipStream, targetDirNormalizedPath);
}
}
return toDir;
@@ -100,9 +101,9 @@ public final class ZipUtils {
}
}
- private static void unzipEntry(ZipEntry entry, ZipInputStream zipStream, File toDir) throws IOException {
- File to = new File(toDir, entry.getName());
- verifyInsideTargetDirectory(entry, to.toPath(), toDir.toPath());
+ private static void unzipEntry(ZipEntry entry, ZipInputStream zipStream, Path targetDirNormalized) throws IOException {
+ File to = targetDirNormalized.resolve(entry.getName()).toFile();
+ verifyInsideTargetDirectory(entry, to.toPath(), targetDirNormalized);
if (entry.isDirectory()) {
throwExceptionIfDirectoryIsNotCreatable(to);
@@ -245,8 +246,8 @@ public final class ZipUtils {
}
}
- private static void verifyInsideTargetDirectory(ZipEntry entry, Path entryPath, Path targetDirPath) {
- if (!entryPath.normalize().startsWith(targetDirPath.normalize())) {
+ private static void verifyInsideTargetDirectory(ZipEntry entry, Path entryPath, Path targetDirNormalizedPath) {
+ if (!entryPath.normalize().startsWith(targetDirNormalizedPath)) {
// vulnerability - trying to create a file outside the target directory
throw new IllegalStateException("Unzipping an entry outside the target directory is not allowed: " + entry.getName());
}