ToxicMushroom/Dalamud
1
0
Fork 0
mirror of https://github.com/goatcorp/Dalamud.git synced 2025-12-12 18:27:23 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

fix: folders in plugin zips, throw if DLL can't be overwritten

Browse source
This commit is contained in:
goat 2021-08-22 17:26:16 +02:00
parent 3371fa1319
commit 3c5c7fbc80
No known key found for this signature in database
GPG key ID: F18F057873895461
1 changed files with 21 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

28
Dalamud/Plugin/Internal/PluginManager.cs
View file

@ -414,31 +414,45 @@ namespace Dalamud.Plugin.Internal
Log.Debug($"Extracting to {outputDir}");
// This throws an error, even with overwrite=false
// ZipFile.ExtractToDirectory(tempZip.FullName, outputDir.FullName, false);
using (var archive = new ZipArchive(response.Content.ReadAsStream()))
using (var archive = new ZipArchive(await response.Content.ReadAsStreamAsync()))
{
foreach (var zipFile in archive.Entries)
{
var completeFileName = Path.GetFullPath(Path.Combine(outputDir.FullName, zipFile.FullName));
var outputFile = new FileInfo(Path.GetFullPath(Path.Combine(outputDir.FullName, zipFile.FullName)));
if (!completeFileName.StartsWith(outputDir.FullName, StringComparison.OrdinalIgnoreCase))
if (!outputFile.FullName.StartsWith(outputDir.FullName, StringComparison.OrdinalIgnoreCase))
{
throw new IOException("Trying to extract file outside of destination directory. See this link for more info: https://snyk.io/research/zip-slip-vulnerability");
}
if (zipFile.Name == string.Empty)
if (outputFile.Directory == null)
{
throw new IOException("Output directory invalid.");
}
if (zipFile.Name.IsNullOrEmpty())
{
Log.Error("zipFile.Name is null or empty");
// Assuming Empty for Directory
Directory.CreateDirectory(Path.GetDirectoryName(completeFileName));
Directory.CreateDirectory(outputFile.Directory.FullName);
continue;
}
// Ensure directory is created
Directory.CreateDirectory(outputFile.Directory.FullName);
try
{
zipFile.ExtractToFile(completeFileName, true);
zipFile.ExtractToFile(outputFile.FullName, true);
}
catch (Exception ex)
{
Log.Information($"Could not overwrite {zipFile.Name}: {ex.Message}");
if (outputFile.Extension.EndsWith("dll"))
{
throw new IOException($"Could not overwrite {zipFile.Name}: {ex.Message}");
}
Log.Error($"Could not overwrite {zipFile.Name}: {ex.Message}");
}
}
}