srikanth-lingala
commented
2 years ago I modified the code to append file separator only if it doesn't already contain one. I will include this fix in the next release.
Closed christian3042 closed 2 years ago
srikanth-lingala
commented
2 years ago I modified the code to append file separator only if it doesn't already contain one. I will include this fix in the next release.
srikanth-lingala
commented
2 years ago Fix included in v2.11.2 released today
Hi, I was running the zip4j library in a docker container. When I tried to extract something in the root directory, I received the following error: net.lingala.zip4j.exception.ZipException: illegal file name that breaks out of the target directory: backup_keys.csv at net.lingala.zip4j.tasks.AbstractExtractFileTask.assertCanonicalPathsAreSame(AbstractExtractFileTask.java:84) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.tasks.AbstractExtractFileTask.extractFile(AbstractExtractFileTask.java:52) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.tasks.ExtractAllFilesTask.executeTask(ExtractAllFilesTask.java:41) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.tasks.ExtractAllFilesTask.executeTask(ExtractAllFilesTask.java:17) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.tasks.AsyncZipTask.performTaskWithErrorHandling(AsyncZipTask.java:51) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.tasks.AsyncZipTask.execute(AsyncZipTask.java:45) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.ZipFile.extractAll(ZipFile.java:470) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.ZipFile.extractAll(ZipFile.java:441) ~[zip4j-2.11.1.jar!/:na]
I think I found the issue in the following file: https://github.com/srikanth-lingala/zip4j/blob/master/src/main/java/net/lingala/zip4j/tasks/AbstractExtractFileTask.java
and the following line: String outputCanonicalPath = (new File(outputPath).getCanonicalPath()) + File.separator;
So when I'm in the root directory / it appends another /, which results in // and then the startsWith check fails. As a workaround I think I could create a subdirectory. Even though it might be strange to extract into the subdirectory, it should be technically possible in my opinion. When I was running the Spring Boot application locally, I did not face any issues. This was due to the relative path "." was not resolved to the root directory, but to the directory, where the application was running. Please let me know if this can be fixed.