From e28c251a2dbf97e5e8273177d05a6f8743c9902c Mon Sep 17 00:00:00 2001
From: AB
Date: Wed, 15 Oct 2025 11:20:00 +0200
Subject: [PATCH] Detect ZIP slip
---
.config/pmd/java/ruleset.xml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/.config/pmd/java/ruleset.xml b/.config/pmd/java/ruleset.xml
index 4570323..c72b66a 100644
--- a/.config/pmd/java/ruleset.xml
+++ b/.config/pmd/java/ruleset.xml
@@ -316,6 +316,28 @@
+ + + ZipEntry name should be sanitized. + Unsanitized names may contain '..' which can result in path traversal ("ZipSlip"). + + You can suppress this warning when you properly sanitized the name. + + 4 + + + + + + + + +
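Review bot: The rule description names only '..' as the dangerous input, but an entry name that is an absolute path escapes the extraction directory just as well, and the suppression hint ("properly sanitized") never says what counts as proper. Developers will decide whether to suppress from this text, so I would spell out the accepted check, e.g. `Resolve the name against the target directory, normalize the result and verify it still starts with the target directory before writing.` Priority `4` is also near the low end of PMD's 1–5 scale for a path-traversal finding; if the build only fails on higher priorities this rule may go unnoticed, so consider `3` or higher. The rule's XPath is not readable in this view, so I cannot confirm which calls it actually matches.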