Skip to content

Commit

Permalink
fix(android): path traversal vulnerability (#698)
Browse files Browse the repository at this point in the history
* fix: path traversal vulnerability android

* docs: library update
  • Loading branch information
vonovak authored Feb 5, 2024
1 parent 0be5a70 commit 1ae7cb2
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 1 deletion.
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
# react-native-document-picker

πŸ“£πŸ“£ A full rewrite of the library is in progress. πŸ“£πŸ“£

Please subscribe to [this issue](https://github.com/rnmods/react-native-document-picker/issues/603) to receive updates.

🚧🚧 GH discussions available 🚧🚧

If you want to ask questions, we opened [GH discussions](https://github.com/rnmods/react-native-document-picker/discussions) for that purpose! πŸ€— Issue tracker is now reserved for bugs and feature requests only and issues not following the issue template can be closed. Thank you!
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -316,7 +316,7 @@ private void copyFileToLocalStorage(Context context, WritableMap map, Uri uri) {
if (fileName == null) {
fileName = String.valueOf(System.currentTimeMillis());
}
File destFile = new File(dir, fileName);
File destFile = safeGetDestination(new File(dir, fileName), dir.getCanonicalPath());
Uri copyPath = copyFile(context, uri, destFile);
map.putString(FIELD_FILE_COPY_URI, copyPath.toString());
} catch (Exception e) {
Expand All @@ -326,6 +326,14 @@ private void copyFileToLocalStorage(Context context, WritableMap map, Uri uri) {
}
}

public File safeGetDestination(File destFile, String expectedDir) throws IllegalArgumentException, IOException {
String canonicalPath = destFile.getCanonicalPath();
if (!canonicalPath.startsWith(expectedDir)) {
throw new IllegalArgumentException("The copied file is attempting to write outside of the target directory.");
}
return destFile;
}

public static Uri copyFile(Context context, Uri uri, File destFile) throws IOException {
try(InputStream inputStream = context.getContentResolver().openInputStream(uri);
FileOutputStream outputStream = new FileOutputStream(destFile)) {
Expand Down

0 comments on commit 1ae7cb2

Please sign in to comment.