Skip to content

Path Manipulation #73

New issue
New issue
Open
Open
Path Manipulation#73
@QiAnXinCodeSafe

Description

@QiAnXinCodeSafe
QiAnXinCodeSafe
opened on Oct 29, 2020

parsec/parsec-gradle-plugin/src/main/java/com/yahoo/parsec/gradle/utils/FileUtils.java

Lines 180 to 183 in 564f47f

while ((zipEntry = zip.getNextEntry()) != null) {
String entryName = zipEntry.getName();
if (entryName.startsWith(directory + "/")) {
paths.add(Paths.get("/" + entryName));

Allowing user input to control paths used in file system operations could enable an attacker to access or modify otherwise protected system resources.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions