From 61dafe247d872f8cfc5df02afb7c742dbb4c5564 Mon Sep 17 00:00:00 2001 From: teresa Date: Fri, 6 Jun 2025 02:30:58 +0800 Subject: [PATCH] Security Fix: Critical Zip Slip Vulnerability in Training Data Extraction This PR addresses a **critical Zip Slip vulnerability** in the training data extraction functionality that allows attackers to write arbitrary files anywhere on the server filesystem through malicious ZIP archives. This vulnerability could lead to: - **Remote Code Execution** by overwriting system executables - **Configuration tampering** by modifying application files - **Data corruption** by overwriting critical files - **Privilege escalation** through strategic file placement References https://github.com/dgarijo/Widoco/commit/f2279b76827f32190adfa9bd5229b7d5a147fa92 https://cwe.mitre.org/data/definitions/22.html --- .../main/java/top/aias/training/common/utils/ZipUtil.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/2_training_platform/train-platform/src/main/java/top/aias/training/common/utils/ZipUtil.java b/2_training_platform/train-platform/src/main/java/top/aias/training/common/utils/ZipUtil.java index 0d8e086a..b83d6641 100644 --- a/2_training_platform/train-platform/src/main/java/top/aias/training/common/utils/ZipUtil.java +++ b/2_training_platform/train-platform/src/main/java/top/aias/training/common/utils/ZipUtil.java @@ -61,7 +61,12 @@ public static void unZipTrainingData(String receivedZipFile, String osName, Stri } filename = filePath + File.separator + filename; - File file = new File(filename); + File file = new File(filePath, filename); + if (!file.toPath().normalize().startsWith(Paths.get(filePath).normalize())) { + log.error("Zip entry attempts path traversal: {}", filename); + throw new SecurityException("Zip entry attempts path traversal: " + filename); + } + if (!file.exists()) { if (ismkdir) { new File(filename.substring(0, filename.lastIndexOf("/"))).mkdirs();