From 1381daf06e4b3972305ce5f1362fe2208a9c3bb9 Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Mon, 24 May 2021 16:12:15 +0200
Subject: [PATCH] Fix zip slip issue on Windows
---
 .../src/test/java/org/owasp/webgoat/PathTraversalTest.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java
index 836da96a4..d32ce336e 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java
@@ -108,7 +108,10 @@ public class PathTraversalTest extends IntegrationTest {
 }

 public void assignment5() throws IOException {
- var webGoatDirectory = new File(System.getProperty("user.dir") + "/target/.webgoat/PathTraversal/" + getWebgoatUser());
+ var webGoatHome = System.getProperty("user.dir") + "/target/.webgoat/PathTraversal/" + getWebgoatUser();
+ webGoatHome = webGoatHome.replaceAll("^[a-zA-Z]:", ""); //Remove C: from the home directory on Windows
+
+ var webGoatDirectory = new File(webGoatHome);
 var zipFile = new File(webGoatDirectory, "upload.zip");
 try (var zos = new ZipOutputStream(new FileOutputStream(zipFile))) {
 ZipEntry e = new ZipEntry("../../../../../../../../../../" + webGoatDirectory.toString() + "/image.jpg");
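Review bot: The drive-stripped `webGoatHome` is reused for `new File(webGoatHome)`, so on Windows the directory that `upload.zip` is written to becomes a drive-relative path resolved against the JVM's current drive, although only the `ZipEntry` name needs the prefix removed. It presumably still works because the path is derived from `user.dir`, but keeping `webGoatDirectory` on the full path and stripping the drive only where the entry name is built, e.g. `var entryDir = webGoatDirectory.toString().replaceFirst("^[a-zA-Z]:", "");`, makes the intent explicit and does not depend on the current drive. `replaceFirst` also states the single anchored replacement more directly than `replaceAll`, and the trailing comment should say "drive prefix" rather than `C:`, since the pattern matches any drive letter. The body of `assignment5` continues past the end of the hunk.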