From df41320b0857fb42e53b56e427d9ecf1c3d6a4b5 Mon Sep 17 00:00:00 2001
From: "M.Schmidt"
Date: Wed, 25 Sep 2024 12:02:52 +0200
Subject: [PATCH] fix: ZipSlip attack vector -> possible path traversal write
---
 .../PathBasedAnalysisInputLocation.java | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/sootup.java.bytecode.frontend/src/main/java/sootup/java/bytecode/frontend/inputlocation/PathBasedAnalysisInputLocation.java b/sootup.java.bytecode.frontend/src/main/java/sootup/java/bytecode/frontend/inputlocation/PathBasedAnalysisInputLocation.java
index 7c5c53a73f2..07e63e0812b 100644
--- a/sootup.java.bytecode.frontend/src/main/java/sootup/java/bytecode/frontend/inputlocation/PathBasedAnalysisInputLocation.java
+++ b/sootup.java.bytecode.frontend/src/main/java/sootup/java/bytecode/frontend/inputlocation/PathBasedAnalysisInputLocation.java
@@ -447,9 +447,20 @@ void extractWarFile(Path warFilePath, final Path destDirectory) {
 Path filepath = destDirectory.resolve(zipEntry.getName());
 final File file = filepath.toFile();
+ String canonicalPathStr = file.getCanonicalPath();
+ if (!canonicalPathStr.startsWith(destDirectory + File.separator)) {
+ throw new IllegalArgumentException(
+ "ZipSlip Attack Mitigated: ZipEntry points outside of the target dir: "
+ + file.getName());
+ }
+ file.deleteOnExit();
 if (zipEntry.isDirectory()) {
- file.mkdir();
+ boolean mkdir = file.mkdir();
+ if (!mkdir) {
+ throw new IllegalStateException(
+ "Could not create Directory: " + file.getAbsolutePath());
+ }
 } else {
 byte[] incomingValues = new byte[4096];
 int readBytesZip;
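Review bot: The containment check compares `file.getCanonicalPath()` against the raw string form of `destDirectory`, which is not canonicalised, so the two sides only line up when the caller passes an absolute, normalised, symlink-free path. With a relative destination, or one under a symlinked temp directory, every legitimate entry would be rejected, and a guard that breaks normal extraction tends to get loosened or removed later. Canonicalise the base once, outside the per-entry code, and compare against that: `String destCanonical = destDirectory.toFile().getCanonicalPath();` then `if (!canonicalPathStr.startsWith(destCanonical + File.separator)) {`. Separately, the new `mkdir()` failure branch also fires when the directory already exists or when its parent has no entry of its own, so `if (!file.isDirectory() && !file.mkdirs())` would reserve the exception for real failures. The body of `extractWarFile` starts before and continues past this hunk, so how `destDirectory` is built and how the `IOException` from `getCanonicalPath()` is handled are not visible here.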