From d832a90de0ea3373de21f71c298230d27195de70 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Wed, 27 Nov 2024 07:16:03 +0000
Subject: [PATCH] (CodeQL) Fixed finding: "Arbitrary file access during archive extraction ("Zip Slip") " (#2344)

(CodeQL) Fixed finding: "Arbitrary file access during archive extraction ("Zip Slip") "

Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
---
 .../stirling/software/SPDF/utils/FileToPdf.java | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/main/java/stirling/software/SPDF/utils/FileToPdf.java b/src/main/java/stirling/software/SPDF/utils/FileToPdf.java
index d18277df..3dabef54 100644
--- a/src/main/java/stirling/software/SPDF/utils/FileToPdf.java
+++ b/src/main/java/stirling/software/SPDF/utils/FileToPdf.java
@@ -105,7 +105,7 @@ public class FileToPdf {
 new ByteArrayInputStream(Files.readAllBytes(zipFilePath)))) {
 ZipEntry entry = zipIn.getNextEntry();
 while (entry != null) {
- Path filePath = tempUnzippedDir.resolve(entry.getName());
+ Path filePath = tempUnzippedDir.resolve(sanitizeZipFilename(entry.getName()));
 if (!entry.isDirectory()) {
 Files.createDirectories(filePath.getParent());
 if (entry.getName().toLowerCase().endsWith(".html")
@@ -175,7 +175,7 @@ public class FileToPdf {
 ZipSecurity.createHardenedInputStream(new ByteArrayInputStream(fileBytes))) {
 ZipEntry entry = zipIn.getNextEntry();
 while (entry != null) {
- Path filePath = tempDirectory.resolve(entry.getName());
+ Path filePath = tempDirectory.resolve(sanitizeZipFilename(entry.getName()));
 if (entry.isDirectory()) {
 Files.createDirectories(filePath); // Explicitly create the directory structure
 } else {
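Review bot: On the changed `tempUnzippedDir.resolve(...)` line the resolved `filePath` is still never compared with the extraction directory, so containment rests entirely on string rewriting of the entry name. `Path.resolve` returns its argument as-is when that argument is absolute, and `sanitizeZipFilename` only strips `../` and `..\`, so an absolute entry name would pass through unchanged unless the stream wrapper rejects it first (the `try` header of this loop starts outside the hunk, so that cannot be confirmed here). A check on the result does not depend on how the name was spelled: `Path filePath = tempUnzippedDir.resolve(entry.getName()).normalize();` followed by `if (!filePath.startsWith(tempUnzippedDir.normalize())) throw new IOException("Zip entry outside extraction directory: " + entry.getName());`, assuming the method already propagates `IOException`. The `tempDirectory.resolve(...)` line in the second hunk needs the same guard, placed before both its `createDirectories` branch and its file branch.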
@@ -241,4 +241,14 @@ public class FileToPdf {
 Files.deleteIfExists(tempOutputFile);
 }
 }
+
+ static String sanitizeZipFilename(String entryName) {
+ if (entryName == null || entryName.trim().isEmpty()) {
+ return entryName;
+ }
+ while (entryName.contains("../") || entryName.contains("..\\")) {
+ entryName = entryName.replace("../", "").replace("..\\", "");
+ }
+ return entryName;
+ }
 }
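Review bot: `sanitizeZipFilename` repairs a hostile entry name instead of rejecting it, and nothing on the method says what it leaves uncovered. It matches `..` only when followed by `/` or `\`, so a leading separator, a drive prefix or a bare `..` is returned unchanged, and because the name is rewritten, `a/../b` and `a/b` end up as the same output file, with one silently overwriting the other. Failing the extraction when a name is absolute or contains a `..` segment would be safer than stripping. At minimum the helper should carry a Javadoc such as `/** Strips "../" and "..\" sequences from a zip entry name; does not handle absolute names, so callers must still verify the resolved path stays inside the target directory. */`.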