Skip to content

Commit 6a6950e

Browse files
tomas-sexenianBeta Bot
tomas-sexenian
authored and
Beta Bot
committed
Cherry pick branch 'genexuslabs:Compress' into beta
1 parent 2ac3fc1 commit 6a6950e

File tree

2 files changed

+97
-109
lines changed

2 files changed

+97
-109
lines changed

gxcompress/src/main/java/com/genexus/compression/CompressionUtils.java

Lines changed: 19 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,8 @@
2222

2323
public class CompressionUtils {
2424

25+
private static final int BUFFER_SIZE = 8192;
26+
2527
/**
2628
* Counts the number of entries in an archive file.
2729
*
@@ -39,7 +41,7 @@ public static int countArchiveEntries(File archiveFile) throws IOException {
3941
return zipFile.size();
4042
}
4143
case "7z":
42-
try (SevenZFile sevenZFile = getSevenZFile(archiveFile.getAbsolutePath())) {
44+
try (SevenZFile sevenZFile = getSevenZFile(archiveFile)) {
4345
while (sevenZFile.getNextEntry() != null) {
4446
count++;
4547
}
@@ -81,21 +83,17 @@ public static boolean isArchiveSafe(File archiveFile, String targetDir) throws I
8183
Enumeration<? extends ZipEntry> entries = zipFile.entries();
8284
while (entries.hasMoreElements()) {
8385
ZipEntry entry = entries.nextElement();
84-
File destinationFile = new File(targetPath, entry.getName()).getCanonicalFile();
85-
if (!destinationFile.getPath().startsWith(targetPath.getPath() + File.separator) &&
86-
!destinationFile.getPath().equals(targetPath.getPath())) {
86+
if (!isEntryPathSafe(targetPath, entry.getName())) {
8787
return false;
8888
}
8989
}
9090
}
9191
return true;
9292
case "7z":
93-
try (SevenZFile sevenZFile = getSevenZFile(archiveFile.getAbsolutePath())) {
93+
try (SevenZFile sevenZFile = getSevenZFile(archiveFile)) {
9494
SevenZArchiveEntry entry;
9595
while ((entry = sevenZFile.getNextEntry()) != null) {
96-
File destinationFile = new File(targetPath, entry.getName()).getCanonicalFile();
97-
if (!destinationFile.getPath().startsWith(targetPath.getPath() + File.separator) &&
98-
!destinationFile.getPath().equals(targetPath.getPath())) {
96+
if (!isEntryPathSafe(targetPath, entry.getName())) {
9997
return false;
10098
}
10199
}
@@ -105,9 +103,7 @@ public static boolean isArchiveSafe(File archiveFile, String targetDir) throws I
105103
try (TarArchiveInputStream tarStream = new TarArchiveInputStream(Files.newInputStream(archiveFile.toPath()))) {
106104
TarArchiveEntry entry;
107105
while ((entry = tarStream.getNextEntry()) != null) {
108-
File destinationFile = new File(targetPath, entry.getName()).getCanonicalFile();
109-
if (!destinationFile.getPath().startsWith(targetPath.getPath() + File.separator) &&
110-
!destinationFile.getPath().equals(targetPath.getPath())) {
106+
if (!isEntryPathSafe(targetPath, entry.getName())) {
111107
return false;
112108
}
113109
}
@@ -117,19 +113,15 @@ public static boolean isArchiveSafe(File archiveFile, String targetDir) throws I
117113
String fileName = archiveFile.getName();
118114
if (fileName.endsWith(".gz") && fileName.length() > 3) {
119115
String extractedName = fileName.substring(0, fileName.length() - 3);
120-
File destinationFile = new File(targetPath, extractedName).getCanonicalFile();
121-
return destinationFile.getPath().startsWith(targetPath.getPath() + File.separator) ||
122-
destinationFile.getPath().equals(targetPath.getPath());
116+
return isEntryPathSafe(targetPath, extractedName);
123117
}
124118
return true;
125119
case "jar":
126120
try (JarFile jarFile = new JarFile(archiveFile)) {
127121
Enumeration<JarEntry> entries = jarFile.entries();
128122
while (entries.hasMoreElements()) {
129123
JarEntry entry = entries.nextElement();
130-
File destinationFile = new File(targetPath, entry.getName()).getCanonicalFile();
131-
if (!destinationFile.getPath().startsWith(targetPath.getPath() + File.separator) &&
132-
!destinationFile.getPath().equals(targetPath.getPath())) {
124+
if (!isEntryPathSafe(targetPath, entry.getName())) {
133125
return false;
134126
}
135127
}
@@ -164,7 +156,7 @@ public static long getMaxFileSize(File archiveFile) throws IOException {
164156
}
165157
break;
166158
case "7z":
167-
try (SevenZFile sevenZFile = getSevenZFile(archiveFile.getAbsolutePath())) {
159+
try (SevenZFile sevenZFile = getSevenZFile(archiveFile)) {
168160
SevenZArchiveEntry entry;
169161
while ((entry = sevenZFile.getNextEntry()) != null) {
170162
if (!entry.isDirectory() && entry.getSize() > maxSize) {
@@ -185,7 +177,7 @@ public static long getMaxFileSize(File archiveFile) throws IOException {
185177
break;
186178
case "gz":
187179
try (GZIPInputStream gzStream = new GZIPInputStream(Files.newInputStream(archiveFile.toPath()))) {
188-
byte[] buffer = new byte[8192];
180+
byte[] buffer = new byte[BUFFER_SIZE];
189181
long size = 0;
190182
int n;
191183
while ((n = gzStream.read(buffer)) != -1) {
@@ -241,7 +233,7 @@ public static long estimateDecompressedSize(File archiveFile) throws IOException
241233
}
242234
break;
243235
case "7z":
244-
try (SevenZFile sevenZFile = getSevenZFile(archiveFile.getAbsolutePath())) {
236+
try (SevenZFile sevenZFile = getSevenZFile(archiveFile)) {
245237
SevenZArchiveEntry entry;
246238
while ((entry = sevenZFile.getNextEntry()) != null) {
247239
if (!entry.isDirectory()) {
@@ -304,7 +296,12 @@ public static long estimateDecompressedSize(File archiveFile) throws IOException
304296
return totalSize;
305297
}
306298

307-
private static SevenZFile getSevenZFile(final String specialPath) throws IOException {
308-
return SevenZFile.builder().setFile(getFile(specialPath)).get();
299+
private static SevenZFile getSevenZFile(File archiveFile) throws IOException {
300+
return SevenZFile.builder().setFile(archiveFile).get();
301+
}
302+
303+
private static boolean isEntryPathSafe(File targetPath, String entryName) throws IOException {
304+
File destinationFile = new File(targetPath, entryName).getCanonicalFile();
305+
return destinationFile.getPath().startsWith(targetPath.getPath() + File.separator) || destinationFile.getPath().equals(targetPath.getPath());
309306
}
310307
}

0 commit comments

Comments
 (0)