From 56cc06bded801ee0a4c8f6258d0858c98e7785fd Mon Sep 17 00:00:00 2001 From: Yueyu <donald@drmer.net> Date: Tue, 5 Apr 2022 22:56:58 +0900 Subject: [PATCH] android: continue to SecurityException --- .../app/src/main/java/org/scratchjr/android/ScratchJrUtil.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/android/ScratchJr/app/src/main/java/org/scratchjr/android/ScratchJrUtil.java b/android/ScratchJr/app/src/main/java/org/scratchjr/android/ScratchJrUtil.java index 117de91..46fc789 100644 --- a/android/ScratchJr/app/src/main/java/org/scratchjr/android/ScratchJrUtil.java +++ b/android/ScratchJr/app/src/main/java/org/scratchjr/android/ScratchJrUtil.java @@ -195,7 +195,7 @@ public class ScratchJrUtil { // we need to confirm it will only extract to the expected folder. // For more details see https://support.google.com/faqs/answer/9294009 if (!unzipFile.getCanonicalPath().startsWith(toPath)) { - continue; + throw new SecurityException("Unsafe file path found and unzipping will not be allowed for security purposes."); } if (ze.isDirectory()) { if(!unzipFile.isDirectory()) {