Service Design and Creation / SDC-1401

Fix Zip Slip vulnerabilities when content of a ZIP file is extracted


    • Bug
    • Resolution: Done
    • Medium
    • Frankfurt Release
    • Amsterdam Release, Beijing Release, Casablanca Release, Dublin Release, El Alto Release
    • SDC
    • SDC Sprint 20, SDC Sprint 21, SDC Sprint 22, SDC Sprint 23

      As SDC works extensively with archives (artifacts), it's vulnerable to the Zip Slip exploit: https://snyk.io/research/zip-slip-vulnerability.

      Suspected classes:

      • onap/sdc/common-app-api/src/main/java/org/openecomp/sdc/common/util/ZipUtil.java
      • onap/sdc/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/utils/CommonUtil.java
      • onap/sdc/openecomp-be/lib/openecomp-sdc-translator-lib/openecomp-sdc-translator-core/src/main/java/org/openecomp/sdc/translator/utilsResourceWalker.java--
      • onap/sdc/openecomp-be/tools/zusammen-tools/src/main/java/org/openecomp/core/tools/util/ZipUtils.java
      • -onap/sdc/openecomp-be/lib/openecomp-core-lib/openecomp-utilities-lib/src/main/java/org/openecomp/core/utilities/file/FileUtils.java -> getFileContentMapFromZip-

            andre.schmid
            vempo