问题描述
我使用了 zip4j 库将文件解压缩到内部应用程序文件夹(即 getApplicationInfo().dataDir + "/databases"
),并且该应用已在Play商店中发布,控制台发出警告修复Android中的Zip路径遍历漏洞"
I used zip4j library for unzipping files to internal app folder (i.e. getApplicationInfo().dataDir + "/databases"
) and the App is published on play store, console give warring of "Fixing a Zip Path Traversal Vulnerability In Android"
https://support.google.com/faqs/answer/9294009
如何解决此问题或任何其他用于解压缩受密码保护的zip文件的库.谢谢
How to resolve this issue or any other libs for extracting unzip the password-protected zip file. thanks
此处是用于提取受密码保护的zip文件的代码.
here code for extracting password-protected zip file.
try {
net.lingala.zip4j.core.ZipFile zipFile = new net.lingala.zip4j.core.ZipFile(zipFilePath);
if (zipFile.isEncrypted())
zipFile.setPassword(pass.toCharArray());
File des = new File(unzipAtLocation);
boolean isCreated = true;
if (!des.exists())
isCreated = des.mkdirs();
if (isCreated)
zipFile.extractAll(unzipAtLocation);
} catch (Exception e) {
Log.e("Unzip zip", "Unzip exception", e);
}
推荐答案
此问题已在Zip4j的版本2.3.1
中修复.
This issue has been fixed in version 2.3.1
of Zip4j.
遇到相同问题的任何人都应将库的版本升级到2.3.1及更高版本.
Anyone having the same problem should upgrade the version of the library to 2.3.1 and above.
来源.
这篇关于使用Zip4j库在播放控制台中发出警告错误该如何解决?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!