Android Question Fixing a Zip Path Traversal Vulnerability

Discussion in 'Android Questions' started by Filippo, Jun 11, 2019.

  1. Filippo

    Filippo Expert Licensed User

    Hi,

    I have this warning message in Google Play Console because I am using the library "unzipzip" in my app, how can I solve the problem?

     
  2. Erel

    Erel Administrator Staff Member Licensed User

    Are you unzipping external files? If you are only unzipping your own files then this is not really relevant.

    Why aren't you using Archiver library (though I'm not sure that it makes this check or not)?
    The library developer should add this check.
     
  3. Filippo

    Filippo Expert Licensed User

    Hi Erel,
    Under File.DirInternal, the app creates CSV files. The user has the option to create a backup as a zip file under file.DirRootExternal.
    These backups can then also be restored, so I can no longer guarantee whether the backup file is safe.
     
  4. Erel

    Erel Administrator Staff Member Licensed User

  5. Filippo

    Filippo Expert Licensed User

  6. Erel

    Erel Administrator Staff Member Licensed User

    You cannot add it yourself. The library author should add it.
     
  7. Filippo

    Filippo Expert Licensed User

    Thanks Erel! Then I have to think of something to solve the problem.
     
  8. Erel

    Erel Administrator Staff Member Licensed User

    First step is to ask Informatix to update the library. It should be a small change.
     
    Filippo likes this.
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice