Package io.github.pixee.security

Class ZipSecurity

java.lang.Object

io.github.pixee.security.ZipSecurity

public final class ZipSecurity
extends Object

This type exposes helper methods to deal with attacks related to Zipping operations, most notably the "zip slip" attack.

Method Summary

Modifier and Type	Method	Description
static ZipInputStream	createHardenedInputStream(InputStream stream)	Returns a ZipInputStream that will check to make sure that paths encountered in the zip aren't absolute and don't contain escapes ("..") towards directories beyond the root of the zip.
static ZipInputStream	createHardenedInputStream(InputStream stream, Charset charset)	Returns a ZipInputStream that will check to make sure that paths encountered in the zip aren't absolute and don't contain escapes ("..") towards directories outside the zip's root.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

createHardenedInputStream

public static ZipInputStream createHardenedInputStream(InputStream stream,
                                                       Charset charset)

Returns a ZipInputStream that will check to make sure that paths encountered in the zip aren't absolute and don't contain escapes ("..") towards directories outside the zip's root.

createHardenedInputStream

public static ZipInputStream createHardenedInputStream(InputStream stream)

Returns a ZipInputStream that will check to make sure that paths encountered in the zip aren't absolute and don't contain escapes ("..") towards directories beyond the root of the zip.