

Fixed: DotNetZip Directory Traversal vulnerability
- Removed support for .NET 4.0 in the test samples
paulushub committed Nov 20, 2024
1 parent 59aef84 commit 05c74fe
Showing 18 changed files with 29 additions and 554 deletions.
19 changes: 0 additions & 19 deletions Samples/GdiW3cSvgTestSuite/App.net40.config

This file was deleted.

25 changes: 1 addition & 24 deletions Samples/GdiW3cSvgTestSuite/GdiW3cSvgTestSuite.VS2017.csproj
@@ -1,6 +1,6 @@
<Project Sdk="MSBuild.Sdk.Extras">
<PropertyGroup>
<TargetFrameworks>net40;net45;net46;net47;net48</TargetFrameworks>
<TargetFrameworks>net45;net46;net47;net48</TargetFrameworks>
<OutputType>WinExe</OutputType>
<UseWindowsForms>true</UseWindowsForms>
<ExtrasEnableWinFormsProjectSetup>true</ExtrasEnableWinFormsProjectSetup>
@@ -10,8 +10,6 @@
<GenerateAssemblyInfo>false</GenerateAssemblyInfo>
<UseWindowsForms>true</UseWindowsForms>
<AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
<AppConfig Condition="'$(TargetFramework)' == 'net40'">App.net40.config</AppConfig>
<AutoUnifyAssemblyReferences Condition="'$(TargetFramework)' == 'net40'">false</AutoUnifyAssemblyReferences>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugType>full</DebugType>
@@ -29,34 +27,13 @@
<RunAnalyzersDuringLiveAnalysis>false</RunAnalyzersDuringLiveAnalysis>
</PropertyGroup>
<PropertyGroup>
<DefineConstants Condition=" '$(TargetFramework)' == 'net40' ">$(DefineConstants);DOTNET40;NETFULL</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('net45'))">$(DefineConstants);DOTNET45;NETFULL</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('net46'))">$(DefineConstants);DOTNET46;NETFULL</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('net47'))">$(DefineConstants);DOTNET47;NETFULL</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('net48'))">$(DefineConstants);DOTNET48;NETFULL</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('netcore'))">$(DefineConstants);NETCORE</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('netstandard'))">$(DefineConstants);NETSTANDARD</DefineConstants>
</PropertyGroup>
<ItemGroup Condition=" '$(TargetFramework)' == 'net40'">
<Reference Include="System.Design" />
<PackageReference Include="Microsoft.Bcl.Async" Version="1.0.168" />
<PackageReference Include="DotNetZip" Version="1.13.8" />
<Reference Include="ICSharpCode.TextEditor">
<HintPath>..\..\Libraries\net40\ICSharpCode.TextEditor.dll</HintPath>
</Reference>
<Reference Include="SharpVectors.ShellFileDialogs">
<HintPath>..\..\Libraries\net40\SharpVectors.ShellFileDialogs.dll</HintPath>
</Reference>
<Reference Include="WeifenLuo.WinFormsUI.Docking">
<HintPath>..\..\Libraries\net40\WeifenLuo.WinFormsUI.Docking.dll</HintPath>
</Reference>
<Reference Include="WeifenLuo.WinFormsUI.Docking.ThemeVS2015">
<HintPath>..\..\Libraries\net40\WeifenLuo.WinFormsUI.Docking.ThemeVS2015.dll</HintPath>
</Reference>
<Reference Include="SharpVectors.HtmlRenderer.WinForms">
<HintPath>..\..\Libraries\net40\SharpVectors.HtmlRenderer.WinForms.dll</HintPath>
</Reference>
</ItemGroup>
<ItemGroup Condition=" '$(TargetFramework)' == 'net45'">
<Reference Include="System.Net.Http" />
<Reference Include="System.Design" />
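Review bot: Nothing in the project file records why net40 was dropped, and the removal only fixes the issue if the net40 `ItemGroup` was the sole place DotNetZip came in. A one-line comment above `<TargetFrameworks>` would keep a later contributor from re-adding the target and the package with it, e.g. `<!-- net40 removed: it required DotNetZip 1.13.8, which has a directory-traversal issue -->`. The same applies to the identical removals in GdiW3cSvgTestSuite.VS2019.csproj and GdiW3cSvgTestSuite.csproj. The `..\..\Libraries\net40\` assemblies referenced by the removed group are presumably unreferenced by these projects now; it is worth confirming that they and any remaining `DOTNET40` blocks are cleaned up in the rest of the change, which this page shows only in part.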
25 changes: 1 addition & 24 deletions Samples/GdiW3cSvgTestSuite/GdiW3cSvgTestSuite.VS2019.csproj
@@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk.WindowsDesktop">
<PropertyGroup>
<TargetFrameworks>net40;net45;net46;net47;net48;netcoreapp3.1;net5.0-windows</TargetFrameworks>
<TargetFrameworks>net45;net46;net47;net48;netcoreapp3.1;net5.0-windows</TargetFrameworks>
<OutputType>WinExe</OutputType>
<UseWindowsForms>true</UseWindowsForms>
<RootNamespace>GdiW3cSvgTestSuite</RootNamespace>
@@ -9,8 +9,6 @@
<GenerateAssemblyInfo>false</GenerateAssemblyInfo>
<UseWindowsForms>true</UseWindowsForms>
<AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
<AppConfig Condition="'$(TargetFramework)' == 'net40'">App.net40.config</AppConfig>
<AutoUnifyAssemblyReferences Condition="'$(TargetFramework)' == 'net40'">false</AutoUnifyAssemblyReferences>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugType>full</DebugType>
@@ -28,7 +26,6 @@
<RunAnalyzersDuringLiveAnalysis>false</RunAnalyzersDuringLiveAnalysis>
</PropertyGroup>
<PropertyGroup>
<DefineConstants Condition=" '$(TargetFramework)' == 'net40' ">$(DefineConstants);DOTNET40;NETFULL</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('net45'))">$(DefineConstants);DOTNET45;NETFULL</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('net46'))">$(DefineConstants);DOTNET46;NETFULL</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('net47'))">$(DefineConstants);DOTNET47;NETFULL</DefineConstants>
@@ -37,26 +34,6 @@
<DefineConstants Condition="$(TargetFramework.StartsWith('net5'))">$(DefineConstants);NETCORE;NET50</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('netstandard'))">$(DefineConstants);NETSTANDARD</DefineConstants>
</PropertyGroup>
<ItemGroup Condition=" '$(TargetFramework)' == 'net40'">
<Reference Include="System.Design" />
<PackageReference Include="Microsoft.Bcl.Async" Version="1.0.168" />
<PackageReference Include="DotNetZip" Version="1.13.8" />
<Reference Include="ICSharpCode.TextEditor">
<HintPath>..\..\Libraries\net40\ICSharpCode.TextEditor.dll</HintPath>
</Reference>
<Reference Include="SharpVectors.ShellFileDialogs">
<HintPath>..\..\Libraries\net40\SharpVectors.ShellFileDialogs.dll</HintPath>
</Reference>
<Reference Include="WeifenLuo.WinFormsUI.Docking">
<HintPath>..\..\Libraries\net40\WeifenLuo.WinFormsUI.Docking.dll</HintPath>
</Reference>
<Reference Include="WeifenLuo.WinFormsUI.Docking.ThemeVS2015">
<HintPath>..\..\Libraries\net40\WeifenLuo.WinFormsUI.Docking.ThemeVS2015.dll</HintPath>
</Reference>
<Reference Include="SharpVectors.HtmlRenderer.WinForms">
<HintPath>..\..\Libraries\net40\SharpVectors.HtmlRenderer.WinForms.dll</HintPath>
</Reference>
</ItemGroup>
<ItemGroup Condition=" '$(TargetFramework)' == 'net45'">
<Reference Include="System.Net.Http" />
<Reference Include="System.Design" />
25 changes: 1 addition & 24 deletions Samples/GdiW3cSvgTestSuite/GdiW3cSvgTestSuite.csproj
@@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk.WindowsDesktop">
<PropertyGroup>
<TargetFrameworks>net40;net45;net46;net47;net48;netcoreapp3.1;net6.0-windows;net7.0-windows;net8.0-windows</TargetFrameworks>
<TargetFrameworks>net45;net46;net47;net48;netcoreapp3.1;net6.0-windows;net7.0-windows;net8.0-windows</TargetFrameworks>
<OutputType>WinExe</OutputType>
<UseWindowsForms>true</UseWindowsForms>
<RootNamespace>GdiW3cSvgTestSuite</RootNamespace>
@@ -9,8 +9,6 @@
<GenerateAssemblyInfo>false</GenerateAssemblyInfo>
<UseWindowsForms>true</UseWindowsForms>
<AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
<AppConfig Condition="'$(TargetFramework)' == 'net40'">App.net40.config</AppConfig>
<AutoUnifyAssemblyReferences Condition="'$(TargetFramework)' == 'net40'">false</AutoUnifyAssemblyReferences>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugType>full</DebugType>
@@ -28,7 +26,6 @@
<RunAnalyzersDuringLiveAnalysis>false</RunAnalyzersDuringLiveAnalysis>
</PropertyGroup>
<PropertyGroup>
<DefineConstants Condition=" '$(TargetFramework)' == 'net40' ">$(DefineConstants);DOTNET40;NETFULL</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('net45'))">$(DefineConstants);DOTNET45;NETFULL</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('net46'))">$(DefineConstants);DOTNET46;NETFULL</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('net47'))">$(DefineConstants);DOTNET47;NETFULL</DefineConstants>
@@ -39,26 +36,6 @@
<DefineConstants Condition="$(TargetFramework.StartsWith('net7'))">$(DefineConstants);NETCORE;NET70</DefineConstants>
<DefineConstants Condition="$(TargetFramework.StartsWith('net8'))">$(DefineConstants);NETCORE;NET80</DefineConstants>
</PropertyGroup>
<ItemGroup Condition=" '$(TargetFramework)' == 'net40'">
<Reference Include="System.Design" />
<PackageReference Include="Microsoft.Bcl.Async" Version="1.0.168" />
<PackageReference Include="DotNetZip" Version="1.13.8" />
<Reference Include="ICSharpCode.TextEditor">
<HintPath>..\..\Libraries\net40\ICSharpCode.TextEditor.dll</HintPath>
</Reference>
<Reference Include="SharpVectors.ShellFileDialogs">
<HintPath>..\..\Libraries\net40\SharpVectors.ShellFileDialogs.dll</HintPath>
</Reference>
<Reference Include="WeifenLuo.WinFormsUI.Docking">
<HintPath>..\..\Libraries\net40\WeifenLuo.WinFormsUI.Docking.dll</HintPath>
</Reference>
<Reference Include="WeifenLuo.WinFormsUI.Docking.ThemeVS2015">
<HintPath>..\..\Libraries\net40\WeifenLuo.WinFormsUI.Docking.ThemeVS2015.dll</HintPath>
</Reference>
<Reference Include="SharpVectors.HtmlRenderer.WinForms">
<HintPath>..\..\Libraries\net40\SharpVectors.HtmlRenderer.WinForms.dll</HintPath>
</Reference>
</ItemGroup>
<ItemGroup Condition=" '$(TargetFramework)' == 'net45'">
<Reference Include="System.Net.Http" />
<Reference Include="System.Design" />
49 changes: 0 additions & 49 deletions Samples/GdiW3cSvgTestSuite/PromptDialog.cs
@@ -7,11 +7,7 @@
using System.IO.Compression;
using System.Net;
using System.Net.NetworkInformation;
#if DOTNET40
using Ionic.Zip;
#else
using System.Net.Http;
#endif

using FolderBrowserDialog = ShellFileDialogs.FolderBrowserDialog;

@@ -94,50 +90,6 @@ private void OnFormShown(object sender, EventArgs e)
btnCancel.Focus();
}

#if DOTNET40
private void OnDownloadClicked(object sender, EventArgs e)
{
var dlg = new LoadingAdorner();
dlg.Owner = this;
dlg.StartPosition = FormStartPosition.Manual;
dlg.Location = new Point(this.Location.X + (this.Width - dlg.Width) / 2,
this.Location.Y + (this.Height - dlg.Height) / 2);
dlg.Show(this);

string url = _optionSettings.WebSuitePath;

_downloadeFilePath = Path.Combine(_optionSettings.LocalSuitePath, "FullTestSuite.zip");
if (File.Exists(_downloadeFilePath))
{
File.Delete(_downloadeFilePath);
}

//ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; //TLS 1.2
//ServicePointManager.SecurityProtocol = (SecurityProtocolType)768; //TLS 1.1
ServicePointManager.SecurityProtocol = (SecurityProtocolType)768 | (SecurityProtocolType)3072;

using (WebClient client = new WebClient())
{
client.DownloadFileCompleted += delegate(object other, AsyncCompletedEventArgs args) {
bool result = !args.Cancelled;
if (!result)
{
return;
}
using (ZipFile zip = ZipFile.Read(_downloadeFilePath))
{
zip.ExtractAll(_optionSettings.LocalSuitePath);
}

dlg.Close();

this.DialogResult = DialogResult.OK;
this.Close();
};
client.DownloadFileAsync(new Uri(url), _downloadeFilePath);
}
}
#else
private async void OnDownloadClicked(object sender, EventArgs e)
{
var dlg = new LoadingAdorner();
@@ -176,7 +128,6 @@ private async void OnDownloadClicked(object sender, EventArgs e)
}
}
}
#endif

private void OnSvgSuitePathTextChanged(object sender, EventArgs e)
{
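Review bot: The surviving `async void OnDownloadClicked` is now the only download-and-extract path, yet its extraction code sits in the collapsed part of this section, so whether it confines entries to the target folder cannot be confirmed from the lines shown. If it writes entries one at a time (for example via `ExtractToFile`) rather than calling `ZipFile.ExtractToDirectory`, each entry's full path should be compared with the destination root before writing, e.g. `if (!Path.GetFullPath(Path.Combine(root, entry.FullName)).StartsWith(root, StringComparison.OrdinalIgnoreCase)) continue;`, where `root` and `entry` are illustrative names and `root` ends with a directory separator. Because the handler is `async void`, an exception thrown by a rejected archive will surface as an unhandled exception unless the body catches it; a `try`/`catch` that closes the `LoadingAdorner` and reports the failure would be worth adding if it is not already there.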
19 changes: 0 additions & 19 deletions Samples/WpfTestOtherSvg/App.net40.config

This file was deleted.

