Module io.github.pixee.security
Package io.github.pixee.security

Class ZipSecurity

  • public final class ZipSecurity
extends java.lang.Object
    This type exposes helper methods to deal with attacks related to Zipping operations, most notably the "zip slip" attack.

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static java.util.zip.ZipInputStream createHardenedInputStream​(java.io.InputStream stream)
      Returns a ZipInputStream that will check to make sure that paths encountered in the zip aren't absolute and don't contain escapes ("..") towards directories beyond the root of the zip.
      static java.util.zip.ZipInputStream createHardenedInputStream​(java.io.InputStream stream, java.nio.charset.Charset charset)
      Returns a ZipInputStream that will check to make sure that paths encountered in the zip aren't absolute and don't contain escapes ("..") towards directories outside the zip's root.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • createHardenedInputStream

        public static java.util.zip.ZipInputStream createHardenedInputStream​(java.io.InputStream stream,
                                                                     java.nio.charset.Charset charset)
        Returns a ZipInputStream that will check to make sure that paths encountered in the zip aren't absolute and don't contain escapes ("..") towards directories outside the zip's root.

      • createHardenedInputStream

        public static java.util.zip.ZipInputStream createHardenedInputStream​(java.io.InputStream stream)
        Returns a ZipInputStream that will check to make sure that paths encountered in the zip aren't absolute and don't contain escapes ("..") towards directories beyond the root of the zip.