
ADFA-2589 Fix unzip hygiene #848

Merged
hal-eisen-adfa merged 2 commits into stage from ADFA-2589-Reduce-security-risk-during-unzipping-assets
Jan 17, 2026

Conversation

@hal-eisen-adfa
Collaborator

Improve Path Validation
Add Entry Name Sanitization
Align with Existing Patterns

@coderabbitai
Contributor

coderabbitai bot commented Jan 17, 2026

📝 Walkthrough

Release Notes

Security Improvements

  • Directory Traversal Protection: Enhanced zip extraction security to prevent directory traversal attacks during asset installation

    • Normalizes and converts destination directory to absolute path to prevent symlink-based bypasses
    • Validates all zip entry names to reject entries containing "..", starting with "/", or starting with "\"
    • Uses Path.startsWith() for boundary validation instead of string-based comparisons, ensuring entries cannot be extracted outside the target directory
  • Path Validation: Resolves and normalizes the destination file path before writing to ensure it remains within the designated extraction directory

Error Handling

  • Throws IllegalStateException with clear security-focused error messages when dangerous path components or out-of-bounds entries are detected

Best Practices Alignment

  • Implements robust path validation using Java's Path API, which is more secure than string manipulation
  • Follows OWASP guidelines for secure zip extraction
  • Aligns implementation with existing project patterns for asset handling

Risk Considerations

  • ⚠️ None identified: The implementation follows security best practices for zip file extraction and should not cause legitimate extraction failures for properly formatted zip archives

Walkthrough

This PR implements a security fix to prevent directory traversal attacks in ZIP file extraction. The changes normalize the destination directory path, validate ZIP entry names to reject unsafe patterns, and replace string-based path checks with Path-based validation logic.

Changes

Cohort / File(s): Security: ZIP Extraction Directory Traversal Prevention
  app/src/main/java/com/itsaky/androidide/assets/AssetsInstallationHelper.kt
Summary: Adds ZIP entry validation with normalized path handling; rejects entries containing .. or starting with / or \; replaces string-based path comparison with safe Path.startsWith() checks; throws IllegalStateException for dangerous entries or paths outside target directory

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Suggested reviewers

  • itsaky-adfa
  • Daniel-ADFA

Poem

🐰 Hop, hop, hooray! The rabbit rejoices,
As zip files now heed safer voices,
No traversals dance through the directory's gates,
Path validation now seals the fates! 🔐✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Resolution: write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

  • Title check: ✅ Passed. The title 'ADFA-2589 Fix unzip hygiene' directly addresses the main change: improving zip extraction security by validating entries and preventing directory traversal attacks.
  • Description check: ✅ Passed. The description relates to the changeset by mentioning path validation, entry name sanitization, and alignment with patterns, all of which are present in the code changes.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.


Comment @coderabbitai help to get the list of available commands and usage tips.
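The walkthrough above describes the three layers of the fix (normalize the destination to an absolute path, reject entry names containing ".." or starting with a separator, then confirm containment with Path.startsWith rather than a string prefix). The following Kotlin is an added illustration of that pattern, not the project's AssetsInstallationHelper code; the object name SafeUnzip and the functions resolveEntry and extract are assumptions for the example, and the entry names in main() are constructed.

```kotlin
import java.io.InputStream
import java.nio.file.Files
import java.nio.file.Path
import java.nio.file.StandardCopyOption
import java.util.zip.ZipEntry
import java.util.zip.ZipInputStream

// Hypothetical helper (not the project's AssetsInstallationHelper): extracts a zip
// stream into targetDir and refuses any entry that would land outside it.
object SafeUnzip {

    // Returns the resolved, normalized destination for entryName, or throws
    // IllegalStateException (via check) when the entry is unsafe.
    fun resolveEntry(targetDir: Path, entryName: String): Path {
        // Normalize and absolutize the boundary once, so "./", "../" segments and a
        // relative working directory cannot change what we compare against.
        val root = targetDir.toAbsolutePath().normalize()

        // First layer: reject parent references and absolute names up front. Both
        // separator styles are checked because the archive author controls the names.
        val segments = entryName.split('/', '\\')
        check(!segments.contains("..") &&
              !entryName.startsWith("/") &&
              !entryName.startsWith("\\")) {
            "Rejected zip entry with dangerous path component: $entryName"
        }

        // Second layer: resolve and normalize, then test containment with the Path API.
        // A String prefix test would accept "/tmp/out-evil" as inside "/tmp/out";
        // Path.startsWith compares whole name elements, so it does not.
        val dest = root.resolve(entryName).normalize()
        check(dest.startsWith(root)) {
            "Rejected zip entry that resolves outside the target directory: $entryName"
        }
        return dest
    }

    // Extracts every entry of zipStream under targetDir, validating each name first.
    fun extract(zipStream: InputStream, targetDir: Path) {
        ZipInputStream(zipStream).use { zis ->
            var entry: ZipEntry? = zis.nextEntry
            while (entry != null) {
                val dest = resolveEntry(targetDir, entry.name)
                if (entry.isDirectory) {
                    Files.createDirectories(dest)
                } else {
                    dest.parent?.let { Files.createDirectories(it) }
                    Files.copy(zis, dest, StandardCopyOption.REPLACE_EXISTING)
                }
                zis.closeEntry()
                entry = zis.nextEntry
            }
        }
    }
}

fun main() {
    val target = Files.createTempDirectory("assets")
    // Constructed entry names: two that a legitimate archive would contain, three that
    // the validation must reject. Nothing is written; only the path check runs here.
    val samples = listOf("lib/a.so", "dir/", "../../etc/passwd", "/abs/file", "x/../../y")
    for (name in samples) {
        val verdict = runCatching { SafeUnzip.resolveEntry(target, name) }
        println("$name -> ${verdict.getOrNull() ?: verdict.exceptionOrNull()?.message}")
    }
}
```

Keeping both layers is deliberate: the name check gives a clear, early error for the common traversal shapes, while the Path.startsWith check is the one that actually enforces the boundary after normalization, so an entry that slips past the first test in some unforeseen form still cannot be written outside the target directory. Using check() means the failures surface as IllegalStateException, matching the exception type the walkthrough describes.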

@hal-eisen-adfa hal-eisen-adfa merged commit b258c06 into stage Jan 17, 2026
2 checks passed
@hal-eisen-adfa hal-eisen-adfa deleted the ADFA-2589-Reduce-security-risk-during-unzipping-assets branch January 17, 2026 06:25