org.apache.poi.openxml4j.util

Class ZipSecureFile

java.lang.Object

org.apache.commons.compress.archivers.zip.ZipFile

org.apache.poi.openxml4j.util.ZipSecureFile

All Implemented Interfaces:

Closeable, AutoCloseable

@Internal
public class ZipSecureFile
extends org.apache.commons.compress.archivers.zip.ZipFile

This class wraps a ZipFile in order to check the entries for zip bombs while reading the archive.

The alert limits can be globally defined via setMaxEntrySize(long) and setMinInflateRatio(double).

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.commons.compress.archivers.zip.ZipFile

org.apache.commons.compress.archivers.zip.ZipFile.Builder

Field Summary

Fields

Modifier and Type	Field and Description
static String	MAX_FILE_COUNT_MSG

Constructor Summary

Constructors

Constructor and Description
ZipSecureFile(File file)
ZipSecureFile(String name)

Method Summary

Modifier and Type	Method and Description
static long	getGraceEntrySize() Returns the current threshold for decompressed data in zip entries that are regarded as too small to worry about from a Zip Bomb perspective (default is 100Kb).
ZipArchiveThresholdInputStream	getInputStream(org.apache.commons.compress.archivers.zip.ZipArchiveEntry entry) Returns an input stream for reading the contents of the specified zip file entry.
static long	getMaxEntrySize() Returns the current maximum allowed uncompressed file size.
static long	getMaxFileCount() Returns the current maximum file count that is used.
static long	getMaxTextSize() Returns the current maximum allowed text size.
static double	getMinInflateRatio() Returns the current minimum compression rate that is used.
String	getName() Deprecated. there is no need for this method - it will be removed in a future version of POI (deprecated since POI 5.3.0)
static void	setGraceEntrySize(long graceEntrySize) Sets the grace entry size of a single zip entry.
static void	setMaxEntrySize(long maxEntrySize) Sets the maximum file size of a single zip entry.
static void	setMaxFileCount(long maxFileCount) Sets the maximum file count that we allow inside zip files that we read - including OOXML files like xlsx, docx, pptx, etc.
static void	setMaxTextSize(long maxTextSize) Sets the maximum number of characters of text that are extracted before an exception is thrown during extracting text from documents.
static void	setMinInflateRatio(double ratio) Sets the ratio between de- and inflated bytes to detect zipbomb.

Methods inherited from class org.apache.commons.compress.archivers.zip.ZipFile

builder, canReadEntryData, close, closeQuietly, copyRawEntries, finalize, getContentBeforeFirstLocalFileHeader, getEncoding, getEntries, getEntries, getEntriesInPhysicalOrder, getEntriesInPhysicalOrder, getEntry, getFirstLocalFileHeaderOffset, getRawInputStream, getUnixSymlink, stream

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

MAX_FILE_COUNT_MSG

public static final String MAX_FILE_COUNT_MSG

See Also:

Constant Field Values

Constructor Detail

ZipSecureFile

public ZipSecureFile(File file)
              throws IOException

Parameters:

file - the File, possibly including path traversal - it is up to users to validate that the input value is safe

Throws:

IOException - if an error occurs while reading the file.

ZipSecureFile

public ZipSecureFile(String name)
              throws IOException

Parameters:

name - the file name, possibly including path traversal - it is up to users to validate that the input value is safe

Throws:

IOException - if an error occurs while reading the file.

Method Detail

setMinInflateRatio

public static void setMinInflateRatio(double ratio)

Sets the ratio between de- and inflated bytes to detect zipbomb. It defaults to 1% (= 0.01d), i.e. when the compression is better than 1% for any given read package part, the parsing will fail indicating a Zip-Bomb.

Parameters:

ratio - the ratio between de- and inflated bytes to detect zipbomb

getMinInflateRatio

public static double getMinInflateRatio()

Returns the current minimum compression rate that is used. See setMinInflateRatio() for details.

Returns:

The min accepted compression-ratio.

getMaxFileCount

public static long getMaxFileCount()

Returns the current maximum file count that is used. See setMaxFileCount() for details.

Returns:

The max accepted file count (i.e. the max number of files we allow inside zip files that we read - including OOXML files like xlsx, docx, pptx, etc.).

Since:

POI 5.2.4

setMaxFileCount

public static void setMaxFileCount(long maxFileCount)

Sets the maximum file count that we allow inside zip files that we read - including OOXML files like xlsx, docx, pptx, etc. The default is 1000.

Parameters:

maxFileCount - The max accepted file count

Since:

POI 5.2.4

setMaxEntrySize

public static void setMaxEntrySize(long maxEntrySize)

Sets the maximum file size of a single zip entry. It defaults to 4GB, i.e. the 32-bit zip format maximum. This can be used to limit memory consumption and protect against security vulnerabilities when documents are provided by users.

Parameters:

maxEntrySize - the max. file size of a single zip entry

Throws:

IllegalArgumentException - for negative maxEntrySize

getMaxEntrySize

public static long getMaxEntrySize()

Returns the current maximum allowed uncompressed file size. See setMaxEntrySize() for details.

Returns:

The max accepted uncompressed file size.

setGraceEntrySize

public static void setGraceEntrySize(long graceEntrySize)

Sets the grace entry size of a single zip entry. It defaults to 100Kb. When decompressed data in a zip entry is smaller than this size, the Minimum Inflation Ratio check is ignored. Setting this to a very small value may lead to more files being flagged as potential Zip Bombs are rejected as a result.

Parameters:

graceEntrySize - the grace entry size of a single zip entry

Throws:

IllegalArgumentException - for negative graceEntrySize

Since:

POI 5.2.4

getGraceEntrySize

public static long getGraceEntrySize()

Returns the current threshold for decompressed data in zip entries that are regarded as too small to worry about from a Zip Bomb perspective (default is 100Kb). See setGraceEntrySize() for details.

Returns:

The current grace entry size

Since:

POI 5.2.4

setMaxTextSize

public static void setMaxTextSize(long maxTextSize)

Sets the maximum number of characters of text that are extracted before an exception is thrown during extracting text from documents. This can be used to limit memory consumption and protect against security vulnerabilities when documents are provided by users.

Parameters:

maxTextSize - the max. file size of a single zip entry

Throws:

IllegalArgumentException - for negative maxTextSize

getMaxTextSize

public static long getMaxTextSize()

Returns the current maximum allowed text size.

Returns:

The max accepted text size.

See Also:

setMaxTextSize(long)

getInputStream

public ZipArchiveThresholdInputStream getInputStream(org.apache.commons.compress.archivers.zip.ZipArchiveEntry entry)
                                              throws IOException

Returns an input stream for reading the contents of the specified zip file entry.

Closing this ZIP file will, in turn, close all input streams that have been returned by invocations of this method.

Overrides:

getInputStream in class org.apache.commons.compress.archivers.zip.ZipFile

Parameters:

entry - the zip file entry

Returns:

the input stream for reading the contents of the specified zip file entry.

Throws:

IOException - if an I/O error has occurred

IllegalStateException - if the zip file has been closed

getName

@Removal(version="7.0.0")
public String getName()

Deprecated. there is no need for this method - it will be removed in a future version of POI (deprecated since POI 5.3.0)

Returns the path name of the ZIP file.

Returns:

the path name of the ZIP file