Fixed: DotNetZip Directory Traversal vulnerability

- Removed support for .NET 4.0 in the test samples

Author: paulushub

Samples/GdiW3cSvgTestSuite/App.net40.config

@@ -1,6 +1,6 @@
 <Project Sdk="MSBuild.Sdk.Extras">
   <PropertyGroup>
-    <TargetFrameworks>net40;net45;net46;net47;net48</TargetFrameworks>
+    <TargetFrameworks>net45;net46;net47;net48</TargetFrameworks>
     <OutputType>WinExe</OutputType>
     <UseWindowsForms>true</UseWindowsForms>
     <ExtrasEnableWinFormsProjectSetup>true</ExtrasEnableWinFormsProjectSetup>
@@ -10,8 +10,6 @@
     <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
     <UseWindowsForms>true</UseWindowsForms>
     <AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
-    <AppConfig Condition="'$(TargetFramework)' == 'net40'">App.net40.config</AppConfig>
-    <AutoUnifyAssemblyReferences Condition="'$(TargetFramework)' == 'net40'">false</AutoUnifyAssemblyReferences>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <DebugType>full</DebugType>
@@ -29,34 +27,13 @@
     <RunAnalyzersDuringLiveAnalysis>false</RunAnalyzersDuringLiveAnalysis>
   </PropertyGroup>
   <PropertyGroup>
-    <DefineConstants Condition=" '$(TargetFramework)' == 'net40' ">$(DefineConstants);DOTNET40;NETFULL</DefineConstants>
     <DefineConstants Condition="$(TargetFramework.StartsWith('net45'))">$(DefineConstants);DOTNET45;NETFULL</DefineConstants>
     <DefineConstants Condition="$(TargetFramework.StartsWith('net46'))">$(DefineConstants);DOTNET46;NETFULL</DefineConstants>
     <DefineConstants Condition="$(TargetFramework.StartsWith('net47'))">$(DefineConstants);DOTNET47;NETFULL</DefineConstants>
     <DefineConstants Condition="$(TargetFramework.StartsWith('net48'))">$(DefineConstants);DOTNET48;NETFULL</DefineConstants>
     <DefineConstants Condition="$(TargetFramework.StartsWith('netcore'))">$(DefineConstants);NETCORE</DefineConstants>
     <DefineConstants Condition="$(TargetFramework.StartsWith('netstandard'))">$(DefineConstants);NETSTANDARD</DefineConstants>
   </PropertyGroup>
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net40'">
-    <Reference Include="System.Design" />
-    <PackageReference Include="Microsoft.Bcl.Async" Version="1.0.168" />
-    <PackageReference Include="DotNetZip" Version="1.13.8" />
-    <Reference Include="ICSharpCode.TextEditor">
-      <HintPath>..\..\Libraries\net40\ICSharpCode.TextEditor.dll</HintPath>
-    </Reference>
-    <Reference Include="SharpVectors.ShellFileDialogs">
-      <HintPath>..\..\Libraries\net40\SharpVectors.ShellFileDialogs.dll</HintPath>
-    </Reference>
-    <Reference Include="WeifenLuo.WinFormsUI.Docking">
-      <HintPath>..\..\Libraries\net40\WeifenLuo.WinFormsUI.Docking.dll</HintPath>
-    </Reference>
-    <Reference Include="WeifenLuo.WinFormsUI.Docking.ThemeVS2015">
-      <HintPath>..\..\Libraries\net40\WeifenLuo.WinFormsUI.Docking.ThemeVS2015.dll</HintPath>
-    </Reference>
-    <Reference Include="SharpVectors.HtmlRenderer.WinForms">
-      <HintPath>..\..\Libraries\net40\SharpVectors.HtmlRenderer.WinForms.dll</HintPath>
-    </Reference>
-  </ItemGroup>
   <ItemGroup Condition=" '$(TargetFramework)' == 'net45'">
     <Reference Include="System.Net.Http" />
     <Reference Include="System.Design" />

Samples/GdiW3cSvgTestSuite/GdiW3cSvgTestSuite.VS2017.csproj

@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk.WindowsDesktop">
   <PropertyGroup>
-    <TargetFrameworks>net40;net45;net46;net47;net48;netcoreapp3.1;net5.0-windows</TargetFrameworks>
+    <TargetFrameworks>net45;net46;net47;net48;netcoreapp3.1;net5.0-windows</TargetFrameworks>
     <OutputType>WinExe</OutputType>
     <UseWindowsForms>true</UseWindowsForms>
     <RootNamespace>GdiW3cSvgTestSuite</RootNamespace>
@@ -9,8 +9,6 @@
     <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
     <UseWindowsForms>true</UseWindowsForms>
     <AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
-    <AppConfig Condition="'$(TargetFramework)' == 'net40'">App.net40.config</AppConfig>
-    <AutoUnifyAssemblyReferences Condition="'$(TargetFramework)' == 'net40'">false</AutoUnifyAssemblyReferences>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <DebugType>full</DebugType>
@@ -28,7 +26,6 @@
     <RunAnalyzersDuringLiveAnalysis>false</RunAnalyzersDuringLiveAnalysis>
   </PropertyGroup>
   <PropertyGroup>
-    <DefineConstants Condition=" '$(TargetFramework)' == 'net40' ">$(DefineConstants);DOTNET40;NETFULL</DefineConstants>
     <DefineConstants Condition="$(TargetFramework.StartsWith('net45'))">$(DefineConstants);DOTNET45;NETFULL</DefineConstants>
     <DefineConstants Condition="$(TargetFramework.StartsWith('net46'))">$(DefineConstants);DOTNET46;NETFULL</DefineConstants>
     <DefineConstants Condition="$(TargetFramework.StartsWith('net47'))">$(DefineConstants);DOTNET47;NETFULL</DefineConstants>
@@ -37,26 +34,6 @@
     <DefineConstants Condition="$(TargetFramework.StartsWith('net5'))">$(DefineConstants);NETCORE;NET50</DefineConstants>
     <DefineConstants Condition="$(TargetFramework.StartsWith('netstandard'))">$(DefineConstants);NETSTANDARD</DefineConstants>
   </PropertyGroup>
-  <ItemGroup Condition=" '$(TargetFramework)' == 'net40'">
-    <Reference Include="System.Design" />
-    <PackageReference Include="Microsoft.Bcl.Async" Version="1.0.168" />
-    <PackageReference Include="DotNetZip" Version="1.13.8" />
-    <Reference Include="ICSharpCode.TextEditor">
-      <HintPath>..\..\Libraries\net40\ICSharpCode.TextEditor.dll</HintPath>
-    </Reference>
-    <Reference Include="SharpVectors.ShellFileDialogs">
-      <HintPath>..\..\Libraries\net40\SharpVectors.ShellFileDialogs.dll</HintPath>
-    </Reference>
-    <Reference Include="WeifenLuo.WinFormsUI.Docking">
-      <HintPath>..\..\Libraries\net40\WeifenLuo.WinFormsUI.Docking.dll</HintPath>
-    </Reference>
-    <Reference Include="WeifenLuo.WinFormsUI.Docking.ThemeVS2015">
-      <HintPath>..\..\Libraries\net40\WeifenLuo.WinFormsUI.Docking.ThemeVS2015.dll</HintPath>
-    </Reference>
-    <Reference Include="SharpVectors.HtmlRenderer.WinForms">
-      <HintPath>..\..\Libraries\net40\SharpVectors.HtmlRenderer.WinForms.dll</HintPath>
-    </Reference>
-  </ItemGroup>
   <ItemGroup Condition=" '$(TargetFramework)' == 'net45'">
     <Reference Include="System.Net.Http" />
     <Reference Include="System.Design" />

Samples/GdiW3cSvgTestSuite/GdiW3cSvgTestSuite.VS2019.csproj

@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk.WindowsDesktop">
 	<PropertyGroup>
-		<TargetFrameworks>net40;net45;net46;net47;net48;netcoreapp3.1;net6.0-windows;net7.0-windows;net8.0-windows</TargetFrameworks>
+		<TargetFrameworks>net45;net46;net47;net48;netcoreapp3.1;net6.0-windows;net7.0-windows;net8.0-windows</TargetFrameworks>
 		<OutputType>WinExe</OutputType>
 		<UseWindowsForms>true</UseWindowsForms>
 		<RootNamespace>GdiW3cSvgTestSuite</RootNamespace>
@@ -9,8 +9,6 @@
 		<GenerateAssemblyInfo>false</GenerateAssemblyInfo>
 		<UseWindowsForms>true</UseWindowsForms>
 		<AppendTargetFrameworkToOutputPath>true</AppendTargetFrameworkToOutputPath>
-		<AppConfig Condition="'$(TargetFramework)' == 'net40'">App.net40.config</AppConfig>
-		<AutoUnifyAssemblyReferences Condition="'$(TargetFramework)' == 'net40'">false</AutoUnifyAssemblyReferences>
 	</PropertyGroup>
 	<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
 		<DebugType>full</DebugType>
@@ -28,7 +26,6 @@
 		<RunAnalyzersDuringLiveAnalysis>false</RunAnalyzersDuringLiveAnalysis>
 	</PropertyGroup>
 	<PropertyGroup>
-		<DefineConstants Condition=" '$(TargetFramework)' == 'net40' ">$(DefineConstants);DOTNET40;NETFULL</DefineConstants>
 		<DefineConstants Condition="$(TargetFramework.StartsWith('net45'))">$(DefineConstants);DOTNET45;NETFULL</DefineConstants>
 		<DefineConstants Condition="$(TargetFramework.StartsWith('net46'))">$(DefineConstants);DOTNET46;NETFULL</DefineConstants>
 		<DefineConstants Condition="$(TargetFramework.StartsWith('net47'))">$(DefineConstants);DOTNET47;NETFULL</DefineConstants>
@@ -39,26 +36,6 @@
 		<DefineConstants Condition="$(TargetFramework.StartsWith('net7'))">$(DefineConstants);NETCORE;NET70</DefineConstants>
 		<DefineConstants Condition="$(TargetFramework.StartsWith('net8'))">$(DefineConstants);NETCORE;NET80</DefineConstants>
 	</PropertyGroup>
-	<ItemGroup Condition=" '$(TargetFramework)' == 'net40'">
-		<Reference Include="System.Design" />
-		<PackageReference Include="Microsoft.Bcl.Async" Version="1.0.168" />
-		<PackageReference Include="DotNetZip" Version="1.13.8" />
-		<Reference Include="ICSharpCode.TextEditor">
-			<HintPath>..\..\Libraries\net40\ICSharpCode.TextEditor.dll</HintPath>
-		</Reference>
-		<Reference Include="SharpVectors.ShellFileDialogs">
-			<HintPath>..\..\Libraries\net40\SharpVectors.ShellFileDialogs.dll</HintPath>
-		</Reference>
-		<Reference Include="WeifenLuo.WinFormsUI.Docking">
-			<HintPath>..\..\Libraries\net40\WeifenLuo.WinFormsUI.Docking.dll</HintPath>
-		</Reference>
-		<Reference Include="WeifenLuo.WinFormsUI.Docking.ThemeVS2015">
-			<HintPath>..\..\Libraries\net40\WeifenLuo.WinFormsUI.Docking.ThemeVS2015.dll</HintPath>
-		</Reference>
-		<Reference Include="SharpVectors.HtmlRenderer.WinForms">
-			<HintPath>..\..\Libraries\net40\SharpVectors.HtmlRenderer.WinForms.dll</HintPath>
-		</Reference>
-	</ItemGroup>
 	<ItemGroup Condition=" '$(TargetFramework)' == 'net45'">
 		<Reference Include="System.Net.Http" />
 		<Reference Include="System.Design" />

Samples/GdiW3cSvgTestSuite/GdiW3cSvgTestSuite.csproj

@@ -7,11 +7,7 @@
 using System.IO.Compression;
 using System.Net;
 using System.Net.NetworkInformation;
-#if DOTNET40
-using Ionic.Zip;
-#else
 using System.Net.Http;
-#endif
 
 using FolderBrowserDialog = ShellFileDialogs.FolderBrowserDialog;
 
@@ -94,50 +90,6 @@ private void OnFormShown(object sender, EventArgs e)
             btnCancel.Focus();
         }
 
-#if DOTNET40
-        private void OnDownloadClicked(object sender, EventArgs e)
-        {
-            var dlg = new LoadingAdorner();
-            dlg.Owner = this;
-            dlg.StartPosition = FormStartPosition.Manual;
-            dlg.Location = new Point(this.Location.X + (this.Width - dlg.Width) / 2, 
-                this.Location.Y + (this.Height - dlg.Height) / 2);
-            dlg.Show(this);
-
-            string url = _optionSettings.WebSuitePath;
-
-            _downloadeFilePath = Path.Combine(_optionSettings.LocalSuitePath, "FullTestSuite.zip");
-            if (File.Exists(_downloadeFilePath))
-            {
-                File.Delete(_downloadeFilePath);
-            }
-
-            //ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; //TLS 1.2
-            //ServicePointManager.SecurityProtocol = (SecurityProtocolType)768; //TLS 1.1
-            ServicePointManager.SecurityProtocol = (SecurityProtocolType)768 | (SecurityProtocolType)3072;
-
-            using (WebClient client = new WebClient())
-            {
-                client.DownloadFileCompleted += delegate(object other, AsyncCompletedEventArgs args) {
-                    bool result = !args.Cancelled;
-                    if (!result)
-                    {
-                        return;
-                    }
-                    using (ZipFile zip = ZipFile.Read(_downloadeFilePath))
-                    {
-                        zip.ExtractAll(_optionSettings.LocalSuitePath);
-                    }
-
-                    dlg.Close();
-
-                    this.DialogResult = DialogResult.OK;
-                    this.Close();
-                };
-                client.DownloadFileAsync(new Uri(url), _downloadeFilePath);
-            }
-        }
-#else
         private async void OnDownloadClicked(object sender, EventArgs e)
         {
             var dlg = new LoadingAdorner();
@@ -176,7 +128,6 @@ private async void OnDownloadClicked(object sender, EventArgs e)
                 }
             }
         }
-#endif
 
         private void OnSvgSuitePathTextChanged(object sender, EventArgs e)
         {