Java Zip Slip Vulnerability
Description
Detects potential Zip Slip vulnerabilities where malicious ZIP archives could be used to overwrite files outside the intended extraction directory. This vulnerability occurs when file paths from ZIP entries are not properly validated, allowing path traversal attacks through specially crafted archive files.
Detection Strategy
• Identifies calls to file reading methods like 'readFileToString' that process ZIP archive contents
• Checks if the file path parameter passed to these methods comes from untrusted ZIP archive entries
• Verifies if the code lacks proper path validation or normalization before file operations
• Reports a vulnerability when file operations use unvalidated paths from ZIP entries that could potentially write outside intended directories
Vulnerable code example
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.io.File;
import java.io.IOException;

public class ZipSlipVulnerable {
    public void extractFile(ZipFile zip) throws IOException {
        ZipEntry entry = zip.entries().nextElement();
        // Vulnerable: No path validation allows directory traversal via ../...
    }
}
Secure code example
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

public class ZipSlipSafe {
    public void extractFile(ZipFile zip, String targetDir) throws IOException {
        // ...
    }
}
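The path validation described above, shown as an added example that is not the page's or Fluid Attacks' own code: `resolveUnsafe` joins the entry name to the target directory unchecked, while `resolveSafe` normalizes the result and requires it to stay inside that directory. The class name, method names and the in-memory sample archive are assumptions constructed for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.zip.*;

public class ZipSlipCheck {
    // Before: the entry name is joined to the target directory unchecked.
    static Path resolveUnsafe(Path targetDir, ZipEntry entry) {
        return targetDir.resolve(entry.getName());
    }
    // After: normalize the joined path and require it to stay under targetDir.
    // Path.startsWith compares whole path elements, so "/tmp/out-x" is not
    // treated as being inside "/tmp/out" (a String prefix check would be).
    static Path resolveSafe(Path targetDir, ZipEntry entry) throws IOException {
        Path base = targetDir.toAbsolutePath().normalize();
        Path dest = base.resolve(entry.getName()).normalize();
        if (!dest.startsWith(base)) {
            throw new IOException("entry escapes target dir: " + entry.getName());
        }
        return dest;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample archive built in memory (not from the page).
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream out = new ZipOutputStream(buf)) {
            for (String name : new String[] {"docs/readme.txt", "../outside.txt"}) {
                out.putNextEntry(new ZipEntry(name));
                out.write("sample".getBytes(StandardCharsets.UTF_8));
                out.closeEntry();
            }
        }
        Path targetDir = Files.createTempDirectory("extract");
        try (ZipInputStream in = new ZipInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            for (ZipEntry e; (e = in.getNextEntry()) != null; ) {
                Path unsafe = resolveUnsafe(targetDir, e).normalize();
                System.out.println(e.getName() + " -> unchecked: " + unsafe);
                try {
                    Path dest = resolveSafe(targetDir, e);
                    if (e.isDirectory()) { Files.createDirectories(dest); continue; }
                    Files.createDirectories(dest.getParent());
                    Files.copy(in, dest, StandardCopyOption.REPLACE_EXISTING);
                    System.out.println("  extracted to " + dest);
                } catch (IOException ex) {
                    System.out.println("  skipped: " + ex.getMessage());
                }
            }
        }
    }
}
```

`normalize()` only collapses `.` and `..` lexically; it does not resolve symbolic links that already exist under the target directory.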