in src/main/java/org/apache/sling/feature/extension/unpack/Unpack.java [182:221]
private void unpack(String dir, InputStream stream, boolean override, String index) throws IOException {
File base = new File(dir);
if (!base.isDirectory() && !base.mkdirs()) {
throw new IOException("Unable to find or created base dir: " + base);
}
try (JarInputStream jarInputStream = new JarInputStream(stream)) {
String indexValue = null;
if (index != null) {
Manifest mf = jarInputStream.getManifest();
if (mf != null) {
indexValue = mf.getMainAttributes().getValue(index);
}
}
List<String> roots = parseRoots(indexValue);
for (ZipEntry entry = jarInputStream.getNextEntry(); entry != null; entry = jarInputStream.getNextEntry()) {
if (!entry.isDirectory() && !entry.getName().toLowerCase().startsWith("meta-inf/") && isRoot(roots, entry.getName())) {
File target = new File(base, relativize(roots, entry.getName()));
if (target.getParentFile().toPath().startsWith(base.toPath())) {
if (target.getParentFile().isDirectory() || target.getParentFile().mkdirs()) {
if (override) {
Files.copy(jarInputStream, target.toPath(), StandardCopyOption.REPLACE_EXISTING);
} else if (!target.exists()) {
try {
Files.copy(jarInputStream, target.toPath());
} catch (FileAlreadyExistsException ex) {
}
}
} else {
throw new IOException("Can't create parent dir:" + target.getParentFile());
}
} else {
throw new IOException("Zip slip detected for: " + entry.getName());
}
}
}
}
}