'Trying to fix Zip Path Traversal Vulnerability - Android
anyone can help with this google play store warning "Fixing a Zip Path Traversal Vulnerability" (https://support.google.com/faqs/answer/9294009)
This is my code to unzip file and idk where to edit and added the new security fix
public void unzip(File zipFile, File targetDirectory) {
Log.e("DownloadZipAsyncTask","FILE TARGET: "+targetDirectory);
Log.e("DownloadZipAsyncTask","FILE : "+zipFile);
try (FileInputStream fis = new FileInputStream(zipFile)) {
try (BufferedInputStream bis = new BufferedInputStream(fis)) {
try (ZipInputStream zis = new ZipInputStream(bis)) {
ZipEntry ze;
int count;
byte[] buffer = new byte[_DefaultCopyBufferSize];
while ((ze = zis.getNextEntry()) != null) {
File file = new File(targetDirectory, ze.getName());
File dir = ze.isDirectory() ? file : file.getParentFile();
if (!dir.isDirectory() && !dir.mkdirs())
throw new FileNotFoundException("Failed to ensure directory: " + dir.getAbsolutePath());
if (ze.isDirectory())
continue;
try (FileOutputStream fout = new FileOutputStream(file)) {
while ((count = zis.read(buffer)) != -1){
fout.write(buffer, 0, count);
}
}
catch (Exception ex) {
Log.e("DownloadZipAsyncTask","ERROR EN UNZIP DE ARCHIVO: "+ex);
}
}
zipFile.delete();
}
catch (Exception ex) {
Log.e("DownloadZipAsyncTask","ERROR EN UNZIP DE ARCHIVO ZipInputStream: "+ex);
}
}
catch (Exception ex) {
Log.e("DownloadZipAsyncTask","ERROR EN UNZIP DE ARCHIVO BufferedInputStream: "+ex);
}
} catch (Exception ex) {
Log.e("DownloadZipAsyncTask","ERROR EN UNZIP DE ARCHIVO FileInputStream: "+ex);
}
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|