Hi,
I was running the zip4j library in a docker container. When I tried to extract something in the root directory, I received the following error:
net.lingala.zip4j.exception.ZipException: illegal file name that breaks out of the target directory: backup_keys.csv
at net.lingala.zip4j.tasks.AbstractExtractFileTask.assertCanonicalPathsAreSame(AbstractExtractFileTask.java:84) ~[zip4j-2.11.1.jar!/:na]
at net.lingala.zip4j.tasks.AbstractExtractFileTask.extractFile(AbstractExtractFileTask.java:52) ~[zip4j-2.11.1.jar!/:na]
at net.lingala.zip4j.tasks.ExtractAllFilesTask.executeTask(ExtractAllFilesTask.java:41) ~[zip4j-2.11.1.jar!/:na]
at net.lingala.zip4j.tasks.ExtractAllFilesTask.executeTask(ExtractAllFilesTask.java:17) ~[zip4j-2.11.1.jar!/:na]
at net.lingala.zip4j.tasks.AsyncZipTask.performTaskWithErrorHandling(AsyncZipTask.java:51) ~[zip4j-2.11.1.jar!/:na]
at net.lingala.zip4j.tasks.AsyncZipTask.execute(AsyncZipTask.java:45) ~[zip4j-2.11.1.jar!/:na]
at net.lingala.zip4j.ZipFile.extractAll(ZipFile.java:470) ~[zip4j-2.11.1.jar!/:na]
at net.lingala.zip4j.ZipFile.extractAll(ZipFile.java:441) ~[zip4j-2.11.1.jar!/:na]
and the following line:
String outputCanonicalPath = (new File(outputPath).getCanonicalPath()) + File.separator;
So when I'm in the root directory / it appends another /, which results in // and then the startsWith check fails. As a workaround I think I could create a subdirectory. Even though it might be strange to extract into the subdirectory, it should be technically possible in my opinion. When I was running the Spring Boot application locally, I did not face any issues. This was due to the relative path "." was not resolved to the root directory, but to the directory, where the application was running. Please let me know if this can be fixed.
Hi, I was running the zip4j library in a docker container. When I tried to extract something in the root directory, I received the following error: net.lingala.zip4j.exception.ZipException: illegal file name that breaks out of the target directory: backup_keys.csv at net.lingala.zip4j.tasks.AbstractExtractFileTask.assertCanonicalPathsAreSame(AbstractExtractFileTask.java:84) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.tasks.AbstractExtractFileTask.extractFile(AbstractExtractFileTask.java:52) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.tasks.ExtractAllFilesTask.executeTask(ExtractAllFilesTask.java:41) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.tasks.ExtractAllFilesTask.executeTask(ExtractAllFilesTask.java:17) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.tasks.AsyncZipTask.performTaskWithErrorHandling(AsyncZipTask.java:51) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.tasks.AsyncZipTask.execute(AsyncZipTask.java:45) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.ZipFile.extractAll(ZipFile.java:470) ~[zip4j-2.11.1.jar!/:na] at net.lingala.zip4j.ZipFile.extractAll(ZipFile.java:441) ~[zip4j-2.11.1.jar!/:na]
I think I found the issue in the following file: https://github.com/srikanth-lingala/zip4j/blob/master/src/main/java/net/lingala/zip4j/tasks/AbstractExtractFileTask.java
and the following line: String outputCanonicalPath = (new File(outputPath).getCanonicalPath()) + File.separator;
So when I'm in the root directory / it appends another /, which results in // and then the startsWith check fails. As a workaround I think I could create a subdirectory. Even though it might be strange to extract into the subdirectory, it should be technically possible in my opinion. When I was running the Spring Boot application locally, I did not face any issues. This was due to the relative path "." was not resolved to the root directory, but to the directory, where the application was running. Please let me know if this can be fixed.