rewrite-java-security

Issue discovered on `indexing-hadoop/src/main/java/org/apache/druid/indexer/JobHelper.java` with `Zip slip`

Open JLLeitschuh opened this issue 1 year ago • 0 comments

Problem

There isn't a vulnerability here, but one is being detected and reported here.

Expected behavior

If a vulnerability isn't being fixed, no code changes should be generated.

Example diff

From: indexing-hadoop/src/main/java/org/apache/druid/indexer/JobHelper.java

  try (ZipInputStream in = new ZipInputStream(fileSystem.open(zip, 1 << 13))) {
for (ZipEntry entry = in.getNextEntry(); entry != null; entry = in.getNextEntry()) {
final String fileName = entry.getName();
-                  final String outputPath = new File(outDir, fileName).getAbsolutePath();
+                  final File zipEntryFile = new File(outDir, fileName);
+                  final String outputPath = zipEntryFile.getAbsolutePath();

CompressionUtils.validateZipOutputFile(zip.getName(), new File(outputPath), outDir);

-                  try (final OutputStream out = new BufferedOutputStream(new FileOutputStream(outputPath))) {
+                  try (final OutputStream out = new BufferedOutputStream(new FileOutputStream(new File(outputPath)))) {
  for (int len = in.read(buffer); len >= 0; len = in.read(buffer)) {
    progressable.progress();
    if (len == 0) {
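Review bot: The generated change adds no guard, which is the point of the report: the unchanged context line `CompressionUtils.validateZipOutputFile(zip.getName(), new File(outputPath), outDir);` already validates the resolved entry path before the `FileOutputStream` is opened, so the recipe should treat that call as the existing check and emit no diff. As written, the new `zipEntryFile` local is only used to compute `outputPath`; both the validation call and the `FileOutputStream` rebuild `new File(outputPath)` instead of reusing it, and `new FileOutputStream(new File(outputPath))` behaves identically to `new FileOutputStream(outputPath)`, so the hunk is a pure refactor with no behavioural effect. A rewrite that changes nothing should be suppressed even when the recipe cannot prove the existing validation is sufficient.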

Recipes in example diff:

  • org.openrewrite.java.security.ZipSlip

References:

  • View original result
  • Recipe ID: org.openrewrite.java.security.ZipSlip
  • Recipe Name: Zip slip
  • Repository: apache/druid/master
  • Created at Mon Nov 06 2023 10:11:08 GMT-0800 (Pacific Standard Time)

JLLeitschuh · Nov 06 '23 18:11
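For context on what the recipe is meant to detect, the following is an added example, not code from apache/druid or from the rewrite-java-security recipe, of the kind of guard that makes the detection above a false positive: a zip entry name is resolved against the output directory and rejected unless its canonical path stays inside that directory. The class and method names (`ZipSlipGuard`, `resolveEntry`, `unzip`) are invented for illustration, and the body of Druid's `CompressionUtils.validateZipOutputFile` is not shown on this page, so it is not reproduced or assumed here.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

// Hypothetical helper written for this example; not Druid's CompressionUtils.
public final class ZipSlipGuard {
    private ZipSlipGuard() {}

    /**
     * Resolve a zip entry name against outDir and reject it unless the canonical
     * result stays inside outDir. This is the shape of guard a Zip Slip check
     * performs; Druid's validateZipOutputFile may differ in detail.
     */
    public static File resolveEntry(File outDir, String entryName) throws IOException {
        // Canonicalise both sides so "..", "." and symlinks are collapsed before comparing.
        File canonicalOutDir = outDir.getCanonicalFile();
        File target = new File(canonicalOutDir, entryName).getCanonicalFile();
        // Compare against the directory path plus a trailing separator so that a
        // sibling such as "/tmp/out-evil" is not accepted as being inside "/tmp/out".
        String prefix = canonicalOutDir.getPath() + File.separator;
        if (!target.getPath().startsWith(prefix)) {
            throw new IOException("zip entry '" + entryName + "' resolves outside " + canonicalOutDir);
        }
        return target;
    }

    /** Extract every entry of zipStream into outDir, validating each target path first. */
    public static int unzip(InputStream zipStream, File outDir) throws IOException {
        int filesWritten = 0;
        try (ZipInputStream in = new ZipInputStream(zipStream)) {
            for (ZipEntry entry = in.getNextEntry(); entry != null; entry = in.getNextEntry()) {
                // Validate before any file handle is opened, as the Druid loop above does.
                File target = resolveEntry(outDir, entry.getName());
                if (entry.isDirectory()) {
                    Files.createDirectories(target.toPath());
                    continue;
                }
                Files.createDirectories(target.toPath().getParent());
                try (OutputStream out = Files.newOutputStream(target.toPath())) {
                    in.transferTo(out); // ZipInputStream.read() returns -1 at the end of the current entry
                }
                filesWritten++;
            }
        }
        return filesWritten;
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: an in-memory archive with one benign entry and one traversal entry.
        ByteArrayOutputStream archive = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(archive)) {
            zos.putNextEntry(new ZipEntry("data/ok.txt"));
            zos.write("fine".getBytes(StandardCharsets.UTF_8));
            zos.closeEntry();
            zos.putNextEntry(new ZipEntry("../escaped.txt"));
            zos.write("should never land on disk".getBytes(StandardCharsets.UTF_8));
            zos.closeEntry();
        }

        Path outDir = Files.createTempDirectory("zipslip-demo");
        try {
            unzip(new ByteArrayInputStream(archive.toByteArray()), outDir.toFile());
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // The benign entry was extracted before the traversal entry was reached;
        // the sibling file outside outDir was never created.
        System.out.println("data/ok.txt written:    " + Files.exists(outDir.resolve("data/ok.txt")));
        System.out.println("../escaped.txt written: " + Files.exists(outDir.getParent().resolve("escaped.txt")));
    }
}
```

The trailing `File.separator` in the prefix comparison is the detail most often missed: comparing bare canonical paths lets an entry resolve to a sibling directory whose name merely starts with the output directory's name. Whatever the exact implementation, a call like `validateZipOutputFile` sitting between path resolution and `FileOutputStream` is what a Zip Slip checker should recognise as an existing sanitizer rather than rewrite around.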