'zip traversal vulnerability android code is not working
Is anyone here to help me out with this google play store warning "Fixing a Zip Path Traversal Vulnerability"
Here is a Function that is causing this issue
private static boolean recursiveScan(String strZipFile) {
try
{
File fSourceZip = new File(strZipFile);
String zipPath = eP;
File temp = new File(zipPath);
temp.mkdir();
ZipFile zipFile = new ZipFile(fSourceZip);
Enumeration<? extends ZipEntry> e = zipFile.entries();
while(e.hasMoreElements())
{
ZipEntry entry = (ZipEntry)e.nextElement();
File destinationFilePath = new File(zipPath,entry.getName());
destinationFilePath.getParentFile().mkdirs();
if(entry.isDirectory())
{
continue;
}
else
{
BufferedInputStream bis = new BufferedInputStream(zipFile.getInputStream(entry));
int b;
byte buffer[] = new byte[1024];
bis.read(buffer, 0, 4);
int firstDword = ((0xFF & buffer[3]) << 24) | ((0xFF & buffer[2]) << 16) |((0xFF & buffer[1]) << 8) | (0xFF & buffer[0]);
bis.close();
if(firstDword == 0x04034b50)
{
bis = new BufferedInputStream(zipFile.getInputStream(entry));
FileOutputStream fos = new FileOutputStream(destinationFilePath);
BufferedOutputStream bos = new BufferedOutputStream(fos,
1024);
while ((b = bis.read(buffer, 0, 1024)) != -1) {
bos.write(buffer, 0, b);
}
bos.flush();
bos.close();
bis.close();
String childFile = zipPath+"/"+entry.getName();
recursiveScan(childFile);
}
else if(firstDword == 0x0a786564)
{
bis = new BufferedInputStream(zipFile.getInputStream(entry));
rCode = scanDex(bis, (int)entry.getCrc());
bis.close();
if(rCode > 0)
{
zipFile.close();
return false;
}
continue;
}
else if(firstDword == 0x464c457f)
{
bis = new BufferedInputStream(zipFile.getInputStream(entry));
rCode = scanELF(bis, (int)entry.getCrc());
bis.close();
if(rCode > 0)
{
zipFile.close();
return false;
}
continue;
}
else if(firstDword == 0x214f3558)
{
bis = new BufferedInputStream(zipFile.getInputStream(entry));
rCode = scanDOS(bis);
bis.close();
if(rCode > 0)
{
zipFile.close();
return false;
}
continue;
}
else
{
continue;
}
}
}
zipFile.close();
}
catch(IOException | SecurityException e)
{
Log.e(TAG, "unpackZip", e);
return false;
}
return true;
}
here is EXCEPTION that throw on RUN LOG of android studio
/n
ContentValues: unpackZip
java.io.FileNotFoundException: /storage/emulated/0/rinix-f/temp/assets/RecorderResources.zip: open failed: ENOENT (No such file or directory)
at libcore.io.IoBridge.open(IoBridge.java:575)
at java.io.FileOutputStream.<init>(FileOutputStream.java:236)
at java.io.FileOutputStream.<init>(FileOutputStream.java:186)
at com.virus.cleaner.htapps.control.Envi.recursiveScan(Envi.java:216)
at com.virus.cleaner.htapps.control.Envi.scanApk(Envi.java:53)
at com.virus.cleaner.htapps.control.FSEnvi.scanFile(FSEnvi.java:39)
at com.virus.cleaner.htapps.service.ScanService$ScanAsync.doInBackground(ScanService.java:294)
at com.virus.cleaner.htapps.service.ScanService$ScanAsync.doInBackground(ScanService.java:259)
at android.os.AsyncTask$3.call(AsyncTask.java:394)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:920)
Caused by: android.system.ErrnoException: open failed: ENOENT (No such file or directory)
at libcore.io.Linux.open(Native Method)
at libcore.io.ForwardingOs.open(ForwardingOs.java:567)
at libcore.io.BlockGuardOs.open(BlockGuardOs.java:273)
at libcore.io.ForwardingOs.open(ForwardingOs.java:567)
at android.app.ActivityThread$AndroidOs.open(ActivityThread.java:8442)
at libcore.io.IoBridge.open(IoBridge.java:561)
at java.io.FileOutputStream.<init>(FileOutputStream.java:236)
at java.io.FileOutputStream.<init>(FileOutputStream.java:186)
at com.virus.cleaner.htapps.control.Envi.recursiveScan(Envi.java:216)
at com.virus.cleaner.htapps.control.Envi.scanApk(Envi.java:53)
at com.virus.cleaner.htapps.control.FSEnvi.scanFile(FSEnvi.java:39)
at com.virus.cleaner.htapps.service.ScanService$ScanAsync.doInBackground(ScanService.java:294)
at com.virus.cleaner.htapps.service.ScanService$ScanAsync.doInBackground(ScanService.java:259)
at android.os.AsyncTask$3.call(AsyncTask.java:394)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:920)
Solution 1:[1]
I dont know much about this, but this might be vulnerable to zipslip or similar vulnerability. You may check a video by LiveOverflow about this vulnerability 1.
TLDR; A file named ".." can lead to access of folders that ,ay not want to be accessed.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 |