Package jadx.zip.security

Class JadxZipSecurity

java.lang.Object

jadx.zip.security.JadxZipSecurity

All Implemented Interfaces:

IJadxZipSecurity

public class JadxZipSecurity
extends java.lang.Object
implements IJadxZipSecurity

Constructor Summary

Constructors

Constructor	Description
JadxZipSecurity()

Method Summary

Modifier and Type	Method	Description
int	getMaxEntriesCount()	Max entries count expected in a zip file, fail zip open if the limit exceeds.
boolean	isInSubDirectory(java.io.File baseDir, java.io.File file)	Check if a file will be inside baseDir after a system resolves its path
boolean	isValidEntry(IZipEntry entry)	Check if zip entry is valid and safe to process
boolean	isValidEntryName(java.lang.String entryName)	Checks that entry name contains no any traversals and prevents cases like "../classes.dex", to limit output only to the specified directory
boolean	isZipBomb(IZipEntry entry)
void	setMaxEntriesCount(int maxEntriesCount)
void	setUseLimitedDataStream(boolean useLimitedDataStream)
void	setZipBombDetectionFactor(int zipBombDetectionFactor)
void	setZipBombMinUncompressedSize(int zipBombMinUncompressedSize)
boolean	useLimitedDataStream()	Use limited InputStream for entry uncompressed data

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JadxZipSecurity

public JadxZipSecurity()

Method Detail

isValidEntry

public boolean isValidEntry(IZipEntry entry)

Description copied from interface: IJadxZipSecurity

Check if zip entry is valid and safe to process

Specified by:

isValidEntry in interface IJadxZipSecurity

useLimitedDataStream

public boolean useLimitedDataStream()

Description copied from interface: IJadxZipSecurity

Use limited InputStream for entry uncompressed data

Specified by:

useLimitedDataStream in interface IJadxZipSecurity

getMaxEntriesCount

public int getMaxEntriesCount()

Description copied from interface: IJadxZipSecurity

Max entries count expected in a zip file, fail zip open if the limit exceeds. Return -1 to disable entries count check.

Specified by:

getMaxEntriesCount in interface IJadxZipSecurity

isValidEntryName

public boolean isValidEntryName(java.lang.String entryName)

Checks that entry name contains no any traversals and prevents cases like "../classes.dex", to limit output only to the specified directory

Specified by:

isValidEntryName in interface IJadxZipSecurity

isInSubDirectory

public boolean isInSubDirectory(java.io.File baseDir,
                                java.io.File file)

Description copied from interface: IJadxZipSecurity

Check if a file will be inside baseDir after a system resolves its path

Specified by:

isInSubDirectory in interface IJadxZipSecurity

isZipBomb

public boolean isZipBomb(IZipEntry entry)

setMaxEntriesCount

public void setMaxEntriesCount(int maxEntriesCount)

setZipBombDetectionFactor

public void setZipBombDetectionFactor(int zipBombDetectionFactor)

setZipBombMinUncompressedSize

public void setZipBombMinUncompressedSize(int zipBombMinUncompressedSize)

setUseLimitedDataStream

public void setUseLimitedDataStream(boolean useLimitedDataStream)