Application Developer Considerations

If you are writing an application to read and write .ZIP files, consider the following in your coding practices.

  1. Path Traversal - The format defines fields that store file names and paths.  If you are reading a .ZIP file, make sure your code includes logic to prevent path traversal, which could allow a malicious entry to be extracted over a valid system file or any other file.  Check for stored paths of a form such as ..\..\..\..\..\..\..\..\malicious_file.txt.  If your application does not account for the "dotted" components in such a name, extraction could overwrite an important file.
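
One way to implement the check described above, as an added example that is not part of the original page. The function names (`resolve_entry`, `safe_extract`, `build_sample_zip`) are hypothetical and the sample archive is constructed. The check goes beyond the backslash form shown above and also rejects forward-slash traversal, absolute paths and drive-letter prefixes.

```python
import io
import os
import shutil
import zipfile


def resolve_entry(name, dest_dir):
    """Return the extraction path for a stored name, or None if it is unsafe."""
    # Treat "\" and "/" alike: a stored ..\..\ name is a traversal on any platform.
    parts = name.replace("\\", "/").split("/")
    if not name or parts[0] == "" or ".." in parts:
        return None  # empty name, absolute path, or dotted component
    if len(parts[0]) > 1 and parts[0][1] == ":":
        return None  # drive-letter prefix such as C:
    dest = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest, *parts))
    # Containment check on the resolved path also catches symlinks inside dest_dir.
    if target == dest or os.path.commonpath([dest, target]) != dest:
        return None
    return target


def safe_extract(zip_bytes, dest_dir):
    """Extract only entries that stay inside dest_dir; return (extracted, rejected)."""
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = resolve_entry(info.filename, dest_dir)
            if target is None:
                rejected.append(info.filename)  # never written to disk
            elif info.filename.endswith(("/", "\\")):
                os.makedirs(target, exist_ok=True)  # directory entry
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as out:
                    shutil.copyfileobj(src, out)
                extracted.append(info.filename)
    return extracted, rejected


def build_sample_zip():
    """Constructed sample archive: one normal entry and three unsafe names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("..\\..\\..\\..\\..\\..\\..\\..\\malicious_file.txt", "x")
        zf.writestr("../../malicious_file.txt", "x")
        zf.writestr("/tmp/malicious_file.txt", "x")
    return buf.getvalue()
```

Calling `safe_extract(build_sample_zip(), some_empty_dir)` writes only `docs/readme.txt` and returns the three rejected names so the application can log or report them.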