Skip to content

ADFA-2590 Fix unzip hygiene#849

Merged
davidschachterADFA merged 1 commit intostagefrom
ADFA-2590-Reduce-security-risk-during-unzipping-assets
Jan 17, 2026
Merged

ADFA-2590 Fix unzip hygiene#849
davidschachterADFA merged 1 commit intostagefrom
ADFA-2590-Reduce-security-risk-during-unzipping-assets

Conversation

@hal-eisen-adfa
Copy link
Collaborator

Improve Path Validation
Add Entry Name Sanitization
Align with Existing Patterns

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 17, 2026

📝 Walkthrough

Release Notes - ADFA-2590: Fix unzip hygiene

Security Improvements

  • Path traversal attack mitigation: Implemented comprehensive validation of ZipEntry paths to prevent directory traversal attacks during AAR extraction
  • Dangerous path pattern detection: Added checks to reject entries containing .., leading /, or leading \ characters that could be used for path traversal
  • Secure path resolution: Replaced direct File-based path construction with Java NIO Path API using resolve() and normalize() for proper path handling
  • Output containment validation: Added Path.startsWith() check to ensure all extracted files remain within the intended target directory (versionedUnzipDir)
  • Absolute path normalization: Normalized and converted the target directory to an absolute path before processing entries, ensuring consistent path comparisons

Changes Made

  • Added java.nio.file.Path import to support secure path operations
  • Enhanced unzip process for Llama AAR with 19 lines added and 1 line removed
  • Maintained existing error handling and cleanup logic (recursive deletion on failures)

Risk Considerations

⚠️ None identified - These are purely defensive security improvements with no breaking changes to the public API or existing functionality

Walkthrough

This PR enhances security in the DynamicLibraryLoader.kt by adding path traversal prevention during Llama AAR unzipping. It validates and normalizes ZipEntry paths, computes absolute normalized destinations, and uses Path-based validation to ensure extracted files remain within the intended directory.

Changes

Cohort / File(s) Summary
Path Traversal Prevention
app/src/main/java/com/itsaky/androidide/utils/DynamicLibraryLoader.kt
Adds validation for ZipEntry paths with dangerous pattern detection (.., leading slashes); computes normalized unzip destination directory; replaces File-based path construction with Path-based validation using Path.startsWith; throws IllegalStateException on traversal violations.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • ADFA-2589 Fix unzip hygiene  #848 — Implements the same path-sanitization fix pattern (normalizing destinations, validating entry names, using Path.startsWith) in a different module, enabling consistency across unzip operations.

Suggested reviewers

  • itsaky-adfa
  • jatezzz
  • Daniel-ADFA
  • dara-abijo-adfa

Poem

🐰 A path traversal scheme most dire,
Now blocked by validation's fire!
Normalized dirs and checks so keen,
Keep extraction clean and lean.
Security hops through every file,
Making safety's worth worthwhile! 🛡️

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title 'ADFA-2590 Fix unzip hygiene' is directly related to the changeset, which focuses on fixing security issues in the unzipping process for the Llama AAR file.
Description check ✅ Passed The description outlines three key aspects (Path Validation, Entry Name Sanitization, and Alignment with Existing Patterns) that align with the actual changes made to the unzip functionality.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@hal-eisen-adfa hal-eisen-adfa requested a review from a team January 17, 2026 06:50
@davidschachterADFA davidschachterADFA merged commit 0136911 into stage Jan 17, 2026
2 checks passed
@davidschachterADFA davidschachterADFA deleted the ADFA-2590-Reduce-security-risk-during-unzipping-assets branch January 17, 2026 07:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants

Comments