fix: improve logging messages for zip security errors (#750)(PR #1698)

Logging error messages on invalid file-names or path traversal attacks improved
skylot · Oct 6, 2022 · 8a45602 · 8a45602
1 parent 711419a
commit 8a45602
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/jadx-core/src/main/java/jadx/core/xmlgen/ResourcesSaver.java b/jadx-core/src/main/java/jadx/core/xmlgen/ResourcesSaver.java
@@ -49,7 +49,7 @@ private void saveResources(ResContainer rc) {
 	private void save(ResContainer rc, File outDir) {
 		File outFile = new File(outDir, rc.getFileName());
 		if (!ZipSecurity.isInSubDirectory(outDir, outFile)) {
-			LOG.error("Path traversal attack detected, invalid resource name: {}", outFile.getPath());
+			LOG.error("Invalid resource name or path traversal attack detected: {}", outFile.getPath());
 			return;
 		}
 		saveToFile(rc, outFile);

diff --git a/jadx-plugins/jadx-plugins-api/src/main/java/jadx/api/plugins/utils/ZipSecurity.java b/jadx-plugins/jadx-plugins-api/src/main/java/jadx/api/plugins/utils/ZipSecurity.java
@@ -53,10 +53,10 @@ public static boolean isValidZipEntryName(String entryName) {
 			if (isInSubDirectoryInternal(currentPath, canonical)) {
 				return true;
 			}
-			LOG.error("Path traversal attack detected, invalid name: {}", entryName);
+			LOG.error("Invalid file name or path traversal attack detected: {}", entryName);
 			return false;
 		} catch (Exception e) {
-			LOG.error("Path traversal attack detected, invalid name: {}", entryName);
+			LOG.error("Invalid file name or path traversal attack detected: {}", entryName);
 			return false;
 		}
 	}