1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
|
/*
* SonarQube
* Copyright (C) 2009-2021 SonarSource SA
* mailto:info AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package org.sonar.api.utils;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Enumeration;
import java.util.function.Predicate;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
/**
* Utility to zip directories and unzip files.
*
* @since 1.10
*/
public final class ZipUtils {
private static final String ERROR_CREATING_DIRECTORY = "Error creating directory: ";
private ZipUtils() {
// only static methods
}
/**
* Unzip a file into a directory. The directory is created if it does not exist.
*
* @return the target directory
*/
public static File unzip(File zip, File toDir) throws IOException {
return unzip(zip, toDir, (Predicate<ZipEntry>) ze -> true);
}
public static File unzip(InputStream zip, File toDir) throws IOException {
return unzip(zip, toDir, (Predicate<ZipEntry>) ze -> true);
}
/**
* Unzip a file to a directory.
*
* @param stream the zip input file
* @param toDir the target directory. It is created if needed.
* @param filter filter zip entries so that only a subset of directories/files can be
* extracted to target directory.
* @return the parameter {@code toDir}
* @since 6.2
*/
public static File unzip(InputStream stream, File toDir, Predicate<ZipEntry> filter) throws IOException {
if (!toDir.exists()) {
FileUtils.forceMkdir(toDir);
}
Path targetDirNormalizedPath = toDir.toPath().normalize();
try (ZipInputStream zipStream = new ZipInputStream(stream)) {
ZipEntry entry;
while ((entry = zipStream.getNextEntry()) != null) {
if (filter.test(entry)) {
unzipEntry(entry, zipStream, targetDirNormalizedPath);
}
}
return toDir;
}
}
private static void unzipEntry(ZipEntry entry, ZipInputStream zipStream, Path targetDirNormalized) throws IOException {
File to = targetDirNormalized.resolve(entry.getName()).toFile();
verifyInsideTargetDirectory(entry, to.toPath(), targetDirNormalized);
if (entry.isDirectory()) {
throwExceptionIfDirectoryIsNotCreatable(to);
} else {
File parent = to.getParentFile();
throwExceptionIfDirectoryIsNotCreatable(parent);
copy(zipStream, to);
}
}
private static void throwExceptionIfDirectoryIsNotCreatable(File to) throws IOException {
if (!to.exists() && !to.mkdirs()) {
throw new IOException(ERROR_CREATING_DIRECTORY + to);
}
}
/**
* Unzip a file to a directory.
*
* @param zip the zip file. It must exist.
* @param toDir the target directory. It is created if needed.
* @param filter filter zip entries so that only a subset of directories/files can be
* extracted to target directory.
* @return the parameter {@code toDir}
* @since 6.2
*/
public static File unzip(File zip, File toDir, Predicate<ZipEntry> filter) throws IOException {
if (!toDir.exists()) {
FileUtils.forceMkdir(toDir);
}
Path targetDirNormalizedPath = toDir.toPath().normalize();
try (ZipFile zipFile = new ZipFile(zip)) {
Enumeration<? extends ZipEntry> entries = zipFile.entries();
while (entries.hasMoreElements()) {
ZipEntry entry = entries.nextElement();
if (filter.test(entry)) {
File target = new File(toDir, entry.getName());
verifyInsideTargetDirectory(entry, target.toPath(), targetDirNormalizedPath);
if (entry.isDirectory()) {
throwExceptionIfDirectoryIsNotCreatable(target);
} else {
File parent = target.getParentFile();
throwExceptionIfDirectoryIsNotCreatable(parent);
copy(zipFile, entry, target);
}
}
}
return toDir;
}
}
private static void copy(ZipInputStream zipStream, File to) throws IOException {
try (OutputStream fos = new FileOutputStream(to)) {
IOUtils.copy(zipStream, fos);
}
}
private static void copy(ZipFile zipFile, ZipEntry entry, File to) throws IOException {
try (InputStream input = zipFile.getInputStream(entry); OutputStream fos = new FileOutputStream(to)) {
IOUtils.copy(input, fos);
}
}
public static void zipDir(File dir, File zip) throws IOException {
try (OutputStream out = Files.newOutputStream(zip.toPath());
ZipOutputStream zout = new ZipOutputStream(out)) {
doZipDir(dir, zout);
}
}
private static void doZip(String entryName, InputStream in, ZipOutputStream out) throws IOException {
ZipEntry entry = new ZipEntry(entryName);
out.putNextEntry(entry);
IOUtils.copy(in, out);
out.closeEntry();
}
private static void doZip(String entryName, File file, ZipOutputStream out) throws IOException {
if (file.isDirectory()) {
entryName += "/";
ZipEntry entry = new ZipEntry(entryName);
out.putNextEntry(entry);
out.closeEntry();
File[] files = file.listFiles();
// java.io.File#listFiles() returns null if object is a directory (not possible here) or if
// an I/O error occurs (weird!)
if (files == null) {
throw new IllegalStateException("Fail to list files of directory " + file.getAbsolutePath());
}
for (File f : files) {
doZip(entryName + f.getName(), f, out);
}
} else {
try (InputStream in = new BufferedInputStream(new FileInputStream(file))) {
doZip(entryName, in, out);
}
}
}
private static void doZipDir(File dir, ZipOutputStream out) throws IOException {
File[] children = dir.listFiles();
if (children == null) {
throw new IllegalStateException("Fail to list files of directory " + dir.getAbsolutePath());
}
for (File child : children) {
doZip(child.getName(), child, out);
}
}
private static void verifyInsideTargetDirectory(ZipEntry entry, Path entryPath, Path targetDirNormalizedPath) {
if (!entryPath.normalize().startsWith(targetDirNormalizedPath)) {
// vulnerability - trying to create a file outside the target directory
throw new IllegalStateException("Unzipping an entry outside the target directory is not allowed: " + entry.getName());
}
}
/**
* @see #unzip(File, File, Predicate)
* @deprecated replaced by {@link Predicate<ZipEntry>} in 6.2.
*/
@Deprecated
@FunctionalInterface
public interface ZipEntryFilter {
boolean accept(ZipEntry entry);
}
private static class ZipEntryFilterDelegate implements Predicate<ZipEntry> {
private final ZipEntryFilter delegate;
private ZipEntryFilterDelegate(ZipEntryFilter delegate) {
this.delegate = delegate;
}
@Override
public boolean test(ZipEntry zipEntry) {
return delegate.accept(zipEntry);
}
}
}
|
