This is an automated email from the ASF dual-hosted git repository.

lzljs3620320 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/flink-table-store.git


The following commit(s) were added to refs/heads/master by this push:
     new ac043ede [hotfix] [SECURITY] Fix Zip Slip Vulnerability
ac043ede is described below

commit ac043edef8db0ec35a5a1c25eb0150893c039c69
Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
AuthorDate: Thu Nov 17 21:40:53 2022 -0500

    [hotfix] [SECURITY] Fix Zip Slip Vulnerability
    
    This closes #387
---
 .../org/apache/flink/table/store/utils/CompatibilityTestUtils.java     | 3 +++
 1 file changed, 3 insertions(+)

diff --git 
a/flink-table-store-core/src/test/java/org/apache/flink/table/store/utils/CompatibilityTestUtils.java
 
b/flink-table-store-core/src/test/java/org/apache/flink/table/store/utils/CompatibilityTestUtils.java
index a76f8d72..377b6af6 100644
--- 
a/flink-table-store-core/src/test/java/org/apache/flink/table/store/utils/CompatibilityTestUtils.java
+++ 
b/flink-table-store-core/src/test/java/org/apache/flink/table/store/utils/CompatibilityTestUtils.java
@@ -39,6 +39,9 @@ public class CompatibilityTestUtils {
             ZipEntry entry;
             while ((entry = zip.getNextEntry()) != null) {
                 File file = new File(targetDirectory, entry.getName());
+                if (!file.toPath().normalize().startsWith(targetDirectory)) {
+                    throw new IOException("Bad zip entry");
+                }
 
                 if (entry.isDirectory()) {
                     file.mkdirs();
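Review bot: The added guard normalizes only the entry side: `file.toPath().normalize()` is compared against `targetDirectory` exactly as the caller passed it, so whether the check holds depends on the form of that argument (its declaration is outside the hunk; it looks like a String). If `targetDirectory` is relative or contains `.` or `..` segments, legitimate entries fail the check because the normalized path no longer begins with the un-normalized prefix. Canonicalizing the base once before the loop makes both sides comparable, e.g. `Path target = Paths.get(targetDirectory).toAbsolutePath().normalize();` followed by `if (!target.resolve(entry.getName()).normalize().startsWith(target)) {`. It would also help triage to include the offending name in the exception, `throw new IOException("Zip entry escapes target directory: " + entry.getName());`. The enclosing method starts and ends outside the hunk, so the write path after `mkdirs()` is not reviewed here.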
