Improve workflow package #802
var gzipInputStream = new GZIPInputStream(bufferedInputStream); | ||
var tarInputStream = new TarArchiveInputStream(gzipInputStream)) { | ||
TarArchiveEntry entry; | ||
while ((entry = (TarArchiveEntry) tarInputStream.getNextEntry()) != null) { | ||
var path = targetPath.resolve(entry.getName()); | ||
var path = target.resolve(entry.getName()); |
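Review bot: `target.resolve(entry.getName())` in the gzip tar loop uses the entry name with no check that the result stays under `target`, and renaming `targetPath` to `target` does not change that. Normalize the resolved path and skip or reject the entry unless `path.startsWith(target)` holds for a normalized `target`, before anything is created from `path`.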
Check failure
Code scanning / CodeQL
Arbitrary file access during archive extraction ("Zip Slip") High
Unsanitized archive entry, which may contain '..', is used in a file system operation.
var bzip2InputStream = new BZip2CompressorInputStream(bufferedInputStream); | ||
var tarInputStream = new TarArchiveInputStream(bzip2InputStream)) { | ||
TarArchiveEntry entry; | ||
while ((entry = (TarArchiveEntry) tarInputStream.getNextEntry()) != null) { | ||
var path = targetPath.resolve(entry.getName()); | ||
var path = target.resolve(entry.getName()); |
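Review bot: the bzip2 tar loop repeats the unchecked `target.resolve(entry.getName())` line from the gzip branch, so a containment fix applied to only one of them leaves the other open. Consider moving the resolve, normalize and prefix check into one shared helper that both tar loops call, so the two branches cannot drift apart.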
Check failure
Code scanning / CodeQL
Arbitrary file access during archive extraction ("Zip Slip") High
Unsanitized archive entry, which may contain '..', is used in a file system operation.
var entries = zipFile.entries(); | ||
while (entries.hasMoreElements()) { | ||
var entry = entries.nextElement(); | ||
var path = targetPath.resolve(entry.getName()); | ||
var path = target.resolve(entry.getName()); |
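Review bot: in the zip loop, `path` is taken straight from `entry.getName()`, and `Path.resolve` returns its argument unchanged when that argument is absolute, so a name with `..` segments or an absolute name both end up outside `target`. Validate `path` after `normalize()` against `target` here as well, and decide explicitly whether an offending entry aborts the extraction or is skipped.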
Check failure
Code scanning / CodeQL
Arbitrary file access during archive extraction ("Zip Slip") High
Unsanitized archive entry, which may contain '..', is used in a file system operation.
baremaps-core/src/main/java/org/apache/baremaps/workflow/tasks/DecompressFile.java
Fixed
df4fa4a to e819844
baremaps-core/src/main/java/org/apache/baremaps/workflow/WorkflowContext.java
Fixed
7e6528a to 0dd52e9
No description provided.