Adds more checks for file write ops

965fd66e · Sergey Toshin · 7d3caa28 · 965fd66e · 965fd66e · 965fd66e
Commit 965fd66e authored Jan 03, 2018 by Sergey Toshin
4 changed files
--- a/.DS_Store
+++ b/.DS_Store
--- a/jadx-core/src/main/java/jadx/core/codegen/CodeWriter.java
+++ b/jadx-core/src/main/java/jadx/core/codegen/CodeWriter.java
@@ -3,6 +3,7 @@ package jadx.core.codegen;
 import jadx.api.CodePosition;
 import jadx.core.dex.attributes.nodes.LineAttrNode;
 import jadx.core.utils.files.FileUtils;
+import jadx.core.utils.files.ZipSecurity;

 import java.io.File;
 import java.io.PrintWriter;
@@ -272,10 +273,16 @@ public class CodeWriter {
 	}

 	public void save(File dir, String subDir, String fileName) {
+		if(!ZipSecurity.isValidZipEntryName(subDir) || !ZipSecurity.isValidZipEntryName(fileName)) {
+			return;
+		}
 		save(dir, new File(subDir, fileName).getPath());
 	}

 	public void save(File dir, String fileName) {
+		if(!ZipSecurity.isValidZipEntryName(fileName)) {
+			return;
+		}
 		save(new File(dir, fileName));
 	}


--- a/jadx-core/src/main/java/jadx/core/dex/visitors/SaveCode.java
+++ b/jadx-core/src/main/java/jadx/core/dex/visitors/SaveCode.java
@@ -4,6 +4,7 @@ import jadx.api.IJadxArgs;
 import jadx.core.codegen.CodeWriter;
 import jadx.core.dex.nodes.ClassNode;
 import jadx.core.utils.exceptions.CodegenException;
+import jadx.core.utils.files.ZipSecurity;

 import java.io.File;

@@ -25,7 +26,7 @@ public class SaveCode extends AbstractVisitor {
 	public static void save(File dir, IJadxArgs args, ClassNode cls) {
 		CodeWriter clsCode = cls.getCode();
 		String fileName = cls.getClassInfo().getFullPath() + ".java";
-		if (args.isFallbackMode()) {
+  		if (args.isFallbackMode()) {
 			fileName += ".jadx";
 		}
 		clsCode.save(dir, fileName);

--- a/jadx-core/src/main/java/jadx/core/utils/files/ZipSecurity.java
+++ b/jadx-core/src/main/java/jadx/core/utils/files/ZipSecurity.java
@@ -10,7 +10,7 @@ public class ZipSecurity {
 	private static final Logger LOG = LoggerFactory.getLogger(ZipSecurity.class);
 	
 	// size of uncompressed zip entry shouldn't be bigger of compressed in MAX_SIZE_DIFF times
-	private static final int MAX_SIZE_DIFF = 5;
+	private static final int MAX_SIZE_DIFF = 10;
 	
 	private static boolean isInSubDirectory(File base, File file) {
 	    if (file == null) {
@@ -32,11 +32,11 @@ public class ZipSecurity {
 			if(isInSubDirectory(currentPath, canonical)) {
 				return true;
 			}
-			LOG.debug("Path traversal attack detected, invalid name: {}", entryName);
+			LOG.error("Path traversal attack detected, invalid name: {}", entryName);
 			return false;
 		}
 		catch(Exception e) {
-			LOG.debug("Path traversal attack detected, invalid name: {}", entryName);
+			LOG.error("Path traversal attack detected, invalid name: {}", entryName);
 			return false;
 		}
 	}
@@ -48,7 +48,8 @@ public class ZipSecurity {
 			return true;
 		}
 		if(compressedSize * MAX_SIZE_DIFF < uncompressedSize) {
-			LOG.debug("Zip bomp attack detected, invalid sizes: compressed {}, uncompressed {}", compressedSize, uncompressedSize);
+			LOG.error("Zip bomp attack detected, invalid sizes: compressed {}, uncompressed {}, name {}",
+					compressedSize, uncompressedSize, entry.getName());
 			return true;
 		}
 		return false;