openSUSE:Leap:15.5:Update
File testng-CVE-2022-4065.patch of Package testng.28270
diff --git a/src/main/java/org/testng/JarFileUtils.java b/src/main/java/org/testng/JarFileUtils.java index 683a8b5..2f2ed8f 100644 --- a/src/main/java/org/testng/JarFileUtils.java +++ b/src/main/java/org/testng/JarFileUtils.java @@ -77,6 +77,9 @@ class JarFileUtils { if (Parser.canParse(jeName.toLowerCase())) { InputStream inputStream = jf.getInputStream(je); File copyFile = new File(file, jeName); + if (!copyFile.toPath().normalize().startsWith(file.toPath().normalize())) { + throw new IOException("Bad zip entry"); + } Files.copyFile(inputStream, copyFile); if (matchesXmlPathInJar(je)) { suitePath = copyFile.toString();
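Review bot: in the `@@ -77,6 +77,9 @@` hunk of JarFileUtils.java, the containment check runs after `InputStream inputStream = jf.getInputStream(je);`, so a rejected entry throws with the stream already open and nothing in the visible lines closes it. Build `copyFile` and run the `normalize().startsWith(...)` check before calling `jf.getInputStream(je)`, or open the stream in a try-with-resources block. The message "Bad zip entry" also omits `jeName`, which makes a rejected archive hard to trace from logs; including the entry name would help. `Path.normalize()` is purely lexical and does not resolve symbolic links, which covers `..` segments in entry names; a short comment stating that intent would make the check easier to maintain.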