From 464a5785cce6efbcdebd7067de5a100d5963f842 Mon Sep 17 00:00:00 2001
From: Yaron Bachar <yaronb@fb.com>
Date: Thu, 27 Jan 2022 21:42:48 -0800
Subject: [PATCH] Revert D33633205: address path traversal vulnerability

Differential Revision:
D33633205 (https://github.com/facebookincubator/profilo/commit/62b922a1a4c7530c2dc9b4e6a34d48cb20b8f355)

Original commit changeset: 1834fcdfa96b

Original Phabricator Diff: D33633205 (https://github.com/facebookincubator/profilo/commit/62b922a1a4c7530c2dc9b4e6a34d48cb20b8f355)

fbshipit-source-id: bb09fe48749b284f4cc5e7d9e7e51e985a9897de
---
 deps/zip/ZipHelper.java | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/deps/zip/ZipHelper.java b/deps/zip/ZipHelper.java
index 10d03f80..e4ab02d6 100644
--- a/deps/zip/ZipHelper.java
+++ b/deps/zip/ZipHelper.java
@@ -15,6 +15,7 @@
 import java.util.zip.ZipOutputStream;
 
 public class ZipHelper {
+
   public static final String ZIP_SUFFIX = ".zip";
   public static final String TMP_SUFFIX = ".tmp";
 
@@ -134,9 +135,6 @@ public static boolean extractZip(InputStream inputStream, File extractDir) throw
 
     while (entry != null) {
       File newFile = new File(extractDir, entry.getName());
-      if (!newFile.getCanonicalPath().startsWith(extractDir.getName())) {
-        throw new IOException("Invalid entry name");
-      }
       if (entry.isDirectory()) {
         if (!newFile.isDirectory() && !newFile.mkdirs()) {
           throw new IOException("Can't create directory");