Mitigate Zip Slip exlpoit

Author: ThexXTURBOXx

src/main/java/the/bytecode/club/bytecodeviewer/util/ZipUtils.java

@@ -35,6 +35,7 @@
  */
 public final class ZipUtils {
 
+    // TODO: Maybe migrate to org.apache.commons.compress.archivers.examples.Expander?
     /**
      * Unzip files to path.
      *
@@ -67,6 +68,11 @@ public static void unzipFilesToPath(String jarPath, String destinationDir) throw
                 String fileName = destinationDir + File.separator + entry.getName();
                 File f = new File(fileName);
 
+                if (!f.getCanonicalPath().startsWith(destinationDir)) {
+                    System.out.println("Zip Slip exploit detected. Skipping entry " + entry.getName());
+                    continue;
+                }
+
                 File parent = f.getParentFile();
                 if (!parent.exists()) {
                     parent.mkdirs();
@@ -106,15 +112,15 @@ public static void zipFile(File inputFile, File outputZip) {
 
     public static void zipFolder(String srcFolder, String destZipFile, String ignore) throws Exception {
         try (FileOutputStream fileWriter = new FileOutputStream(destZipFile);
-             ZipOutputStream zip = new ZipOutputStream(fileWriter)){
+             ZipOutputStream zip = new ZipOutputStream(fileWriter)) {
             addFolderToZip("", srcFolder, zip, ignore);
             zip.flush();
         }
     }
 
     public static void zipFolderAPKTool(String srcFolder, String destZipFile) throws Exception {
         try (FileOutputStream fileWriter = new FileOutputStream(destZipFile);
-             ZipOutputStream zip = new ZipOutputStream(fileWriter)){
+             ZipOutputStream zip = new ZipOutputStream(fileWriter)) {
             addFolderToZipAPKTool("", srcFolder, zip);
             zip.flush();
         }
@@ -199,4 +205,4 @@ public static void addFolderToZipAPKTool(String path, String srcFolder, ZipOutpu
             }
         }
     }
-}
+}