cur1pro opened a new pull request, #864: URL: https://github.com/apache/tomcat/pull/864
To fix the issue, we need to ensure that paths derived from `entry.getName()` are validated to prevent directory traversal attacks. This involves:

1. Normalizing the path using `java.nio.file.Path.normalize()` or `java.io.File.getCanonicalFile()` to resolve any `../` or similar elements.
2. Verifying that the normalized path starts with the intended base directory using `java.nio.file.Path.startsWith()`.

The fix should be applied in the `JarFileUrlJar` class where `entry.getName()` is used, and in the `JspCServletContext` class where `entryName` is processed. Specifically:

- In `JarFileUrlJar`, sanitize the output of `entry.getName()` before returning it in `getEntryName()`.
- In `JspCServletContext`, validate `entryName` before adding it to `thePaths`.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at: us...@infra.apache.org

---------------------------------------------------------------------
For additional commands, e-mail: dev-h...@tomcat.apache.org
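The two-step check the pull request describes (normalize, then confirm the result is still under the base directory with `Path.startsWith()`), written out as an added stand-alone example. This is not Tomcat's code and not the pull request's diff; the class name `EntryPathCheck`, the method `isWithinBase`, the base directory `/tmp/webapp-root` and the sample entry names are all constructed for illustration.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added illustration of validating an archive entry name against a base
 * directory. Not Tomcat's code; names here are assumptions.
 */
public final class EntryPathCheck {

    private EntryPathCheck() {}

    /**
     * Returns true only if entryName, resolved against base and normalized,
     * still lies inside base. Absolute names, names that escape via "../"
     * segments, and names the platform cannot parse are all rejected.
     */
    public static boolean isWithinBase(Path base, String entryName) {
        Path normalizedBase = base.toAbsolutePath().normalize();
        Path candidate;
        try {
            candidate = Paths.get(entryName);
        } catch (InvalidPathException e) {
            // Characters illegal on this platform: treat as untrusted and reject.
            return false;
        }
        if (candidate.isAbsolute()) {
            // An absolute entry name would replace the base entirely on resolve().
            return false;
        }
        // normalize() collapses "." and ".." so the startsWith check sees the
        // real target; Path.startsWith compares whole components, so a sibling
        // directory such as /tmp/webapp-root-other does not pass.
        Path resolved = normalizedBase.resolve(candidate).normalize();
        return resolved.startsWith(normalizedBase);
    }

    public static void main(String[] args) {
        Path base = Paths.get("/tmp/webapp-root"); // constructed base directory
        // Constructed sample entry names, shaped like values from entry.getName()
        String[] samples = {
            "WEB-INF/classes/Foo.class",   // accept
            "static/../WEB-INF/web.xml",   // accept: stays inside base after normalize
            "../../etc/passwd",            // reject
            "/etc/passwd",                 // reject: absolute
            "a/b/../../../escape.txt"      // reject: nets out to ../escape.txt
        };
        for (String name : samples) {
            System.out.println((isWithinBase(base, name) ? "accept " : "reject ") + name);
        }
    }
}
```

The check works on `Path` objects rather than strings so that `startsWith` is component-wise: a `String.startsWith` comparison would wrongly accept a path like `/tmp/webapp-root-other/x`. Where the base may contain symbolic links, the pull request's alternative of `File.getCanonicalFile()` resolves those too, at the cost of touching the filesystem.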