- Bug
- Resolution: Done
- Medium
- Amsterdam Release, Beijing Release, Casablanca Release, Dublin Release, El Alto Release
- SDC Sprint 20, SDC Sprint 21, SDC Sprint 22, SDC Sprint 23

As SDC works extensively with archives (artifacts), it is vulnerable to the Zip Slip exploit: https://snyk.io/research/zip-slip-vulnerability

Suspected classes:
- onap/sdc/common-app-api/src/main/java/org/openecomp/sdc/common/util/ZipUtil.java
- onap/sdc/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/utils/CommonUtil.java
- onap/sdc/openecomp-be/lib/openecomp-sdc-translator-lib/openecomp-sdc-translator-core/src/main/java/org/openecomp/sdc/translator/utilsResourceWalker.java
- onap/sdc/openecomp-be/tools/zusammen-tools/src/main/java/org/openecomp/core/tools/util/ZipUtils.java
- onap/sdc/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/src/main/java/org/openecomp/core/utilities/file/FileUtils.java -> getFileContentMapFromZip