dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix zip slip issue on Windows

Browse Source
This commit is contained in:
Nanne Baars
2021-05-24 16:12:15 +02:00
parent ac542ad8b8
commit 1381daf06e
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java
View File

@ -108,7 +108,10 @@ public class PathTraversalTest extends IntegrationTest {
} }
public void assignment5() throws IOException { public void assignment5() throws IOException {
var webGoatDirectory = new File(System.getProperty("user.dir") + "/target/.webgoat/PathTraversal/" + getWebgoatUser()); var webGoatHome = System.getProperty("user.dir") + "/target/.webgoat/PathTraversal/" + getWebgoatUser();
webGoatHome = webGoatHome.replaceAll("^[a-zA-Z]:", ""); //Remove C: from the home directory on Windows
var webGoatDirectory = new File(webGoatHome);
var zipFile = new File(webGoatDirectory, "upload.zip"); var zipFile = new File(webGoatDirectory, "upload.zip");
try (var zos = new ZipOutputStream(new FileOutputStream(zipFile))) { try (var zos = new ZipOutputStream(new FileOutputStream(zipFile))) {
ZipEntry e = new ZipEntry("../../../../../../../../../../" + webGoatDirectory.toString() + "/image.jpg"); ZipEntry e = new ZipEntry("../../../../../../../../../../" + webGoatDirectory.toString() + "/image.jpg");