/*
* SonarQube Java
* Copyright (C) SonarSource Sàrl
* mailto:info AT sonarsource DOT com
*
* You can redistribute and/or modify this program under the terms of
* the Sonar Source-Available License Version 1, as published by SonarSource Sàrl.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the Sonar Source-Available License for more details.
*
* You should have received a copy of the Sonar Source-Available License
* along with this program; if not, see https://sonarsource.com/license/ssal/
*/
import java.io.File;
import java.io.FileOutputStream;
import java.util.zip.ZipEntry;
/**
 * Analyzer sample for an archive-entry path traversal ("zip slip") rule, going by the class
 * name and the expectation marker in {@link #bad(ZipEntry, File)}.
 *
 * <p>The two methods differ only in where the file name comes from: {@code bad} takes it from
 * a {@link ZipEntry}, {@code good} uses a constant. The statement shapes are presumably what
 * the rule matches on, so they should not be restructured.
 *
 * <p>For real extraction code, the usual defence is to resolve the target, normalize or
 * canonicalize it, and reject the entry unless the result is still located under the
 * destination directory, before any file is opened.
 */
class ArchiveEntryPathTraversalCheckSample {
/**
 * Flagged case: builds the output path from an archive entry name with no containment check.
 *
 * @param ze archive entry whose name is used as the relative output path
 * @param destDir directory the entry is meant to be written under
 * @throws Exception declared broadly by the sample; the stream constructor can fail
 */
void bad(ZipEntry ze, File destDir) throws Exception {
// The entry name is stored in the archive, so it is controlled by whoever produced the
// archive and may contain ".." segments.
String fileName = ze.getName();
// Joined to destDir as-is: nothing verifies that the result stays inside destDir.
// The trailing marker on the next line is the analyzer expectation and must stay on that line.
File newFile = new File(destDir, fileName); // Noncompliant
// Opening the stream creates or truncates the file at the unvalidated path.
// NOTE(review): the stream is never closed; presumably acceptable because this sample is
// only analyzed, not executed. Confirm before reusing the pattern.
FileOutputStream fos = new FileOutputStream(newFile);
}
/**
 * Unflagged case: the same statements as {@code bad}, but the file name is a literal, so the
 * resulting path cannot be influenced by archive content.
 *
 * @param destDir directory the file is created under
 * @throws Exception declared broadly by the sample; the stream constructor can fail
 */
void good(File destDir) throws Exception {
// Constant name with no separators or ".." segments.
String fileName = "safe.txt";
File newFile = new File(destDir, fileName);
// NOTE(review): as in bad(), the stream is left unclosed in this sample.
FileOutputStream fos = new FileOutputStream(newFile);
}
}