路径遍历

yang
2024-08-26 17:00:10 +08:00
parent 776e1e6cbc
commit bea6d680e9
8 changed files with 42 additions and 2 deletions


@@ -119,6 +119,10 @@ public class ContentPackageGenerator {
private String scormPkgDir;
public ContentPackage generateContentPackageFromFile(String scormPkgDir) {
if (scormPkgDir.contains("..")) {
throw new SecurityException("输入路径包含不安全的字符");
}
if (scormPkgDir == null) {
log.error("scorm package directory is null");
return contentPackage;
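Review bot: The added `scormPkgDir.contains("..")` guard dereferences the argument before the existing `if (scormPkgDir == null)` check, so a null argument now throws NullPointerException and never reaches the `log.error` / `return contentPackage` path. Move the null check above the new guard, or fold it in as `if (scormPkgDir != null && scormPkgDir.contains(".."))`. The guards added in FileUtils.createFile and ZipUtils.decompressZip dereference their arguments the same way, and no null check is visible in those hunks. The body of generateContentPackageFromFile continues outside the hunk.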


@@ -44,6 +44,10 @@ public class FileUtils {
}
public static File createFile(String dstPath, String fileName) throws IOException {
if (dstPath.contains("..") || fileName.contains("..")) {
throw new SecurityException("输入路径包含不安全的字符");
}
String[] dirs = fileName.split("/");
File file = new File(dstPath);
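Review bot: The `contains("..")` test in createFile is a substring match, so it rejects harmless names such as `notes..v2.txt` while never establishing that the file finally created lies under `dstPath`. A containment check on the resolved path states the actual invariant: `Path base = Paths.get(dstPath).toAbsolutePath().normalize();`, `Path target = base.resolve(fileName).normalize();`, then `if (!target.startsWith(base)) throw new SecurityException("输入路径包含不安全的字符");`. The same substring test is used in the ContentPackageGenerator, SCORMPackageManager and ZipUtils hunks and would benefit from one shared helper. createFile declares only `IOException`, so it is worth confirming that callers handle the unchecked SecurityException; the rest of the method is outside the hunk.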


@@ -119,6 +119,11 @@ public class SCORMPackageManager {
return null;
}
if (packagePath.contains("..")) {
// throw new SecurityException("输入路径包含不安全的字符");
return null;
}
// step 1: uncompress
File f=new File(packagePath);
if(!f.exists()) {
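Review bot: A rejected `packagePath` returns `null` silently here, the same value the preceding branch returns, so neither the caller nor the logs can tell a blocked traversal attempt from an ordinary failure. The other three guards in this commit throw SecurityException; this one keeps the throw only as commented-out code. Either restore the throw for consistency or delete the commented line and record the rejection before returning, for example `log.warn("rejected package path containing '..'");` if this class has a logger (not visible in the hunk). The enclosing method starts and ends outside the hunk.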


@@ -60,6 +60,10 @@ public class ZipUtils {
}
public static boolean decompressZip(String zipFilePath, String saveFileDir) {
if (saveFileDir.contains("..")) {
throw new SecurityException("输入路径包含不安全的字符");
}
if (!isEndWithZip(zipFilePath)) {
return false;
}
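Review bot: The new guard in decompressZip validates only `saveFileDir`, but during extraction the output location of each file is decided by the entry names stored inside the archive, and nothing in this hunk checks them. The extraction loop is outside the hunk, so it should be confirmed that every entry is resolved against the target directory and rejected when it falls outside it. A sketch with a placeholder `entry` variable: `File out = new File(saveFileDir, entry.getName());` followed by `if (!out.getCanonicalPath().startsWith(new File(saveFileDir).getCanonicalPath() + File.separator)) throw new SecurityException("输入路径包含不安全的字符");`. Also note that the method reports other failures with `return false`, so the unchecked exception gives callers a second failure channel to handle.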