#!/bin/sh

# Check the CVE-2019-13241 vulnerability.
# See https://security-tracker.debian.org/tracker/CVE-2019-13241
# Author: Francois Mazen <francois@mzf.fr>

EVIL_FILE=/tmp/evil.txt

if [ -f "$EVIL_FILE" ]; then
    echo "$EVIL_FILE exists, removing it."
    rm -f $EVIL_FILE
else 
    echo "$EVIL_FILE does not exist"
fi

echo "Opening the evil zip file."
flightcrew-cli --input-file CVE-2019-13241_zip-slip.zip 2>&1

if [ -f "$EVIL_FILE" ]; then
    echo "$EVIL_FILE exists! The program is vulnerable."
    exit 1
else 
    echo "$EVIL_FILE does not exist, no vulnerability."
    exit 0
fi



