问题
I used zip4j library for unzipping files to internal app folder (i.e. getApplicationInfo().dataDir + "/databases") and the App is published on play store, console give warring of "Fixing a Zip Path Traversal Vulnerability In Android"
https://support.google.com/faqs/answer/9294009
How to resolve this issue or any other libs for extracting unzip the password-protected zip file. thanks
here code for extracting password-protected zip file.
try {
net.lingala.zip4j.core.ZipFile zipFile = new net.lingala.zip4j.core.ZipFile(zipFilePath);
if (zipFile.isEncrypted())
zipFile.setPassword(pass.toCharArray());
File des = new File(unzipAtLocation);
boolean isCreated = true;
if (!des.exists())
isCreated = des.mkdirs();
if (isCreated)
zipFile.extractAll(unzipAtLocation);
} catch (Exception e) {
Log.e("Unzip zip", "Unzip exception", e);
}
回答1:
This issue has been fixed in version 2.3.1 of Zip4j.
Anyone having the same problem should upgrade the version of the library to 2.3.1 and above.
Source.
来源:https://stackoverflow.com/questions/59879078/using-zip4j-library-give-warning-error-in-play-console-how-to-resolve