ZhouXY108/hutool
1
0
Fork 0
mirror of https://gitee.com/chinabugotech/hutool.git synced 2025-05-09 23:51:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

说明

Browse Source 
在对在对Zip文件解压时,判断该Zip文件是否是Zip炸弹,如果是Zip炸弹那么抛出异常

修改描述
[新特性] 新增限制zip文件解压后大小
This commit is contained in:
zhouxm 2022-07-24 03:41:17 +08:00
parent a9310c2d30
commit 160fec0f69
2 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
hutool-core/src/main/java/cn/hutool/core/util/ZipUtil.java
View File

@ -30,6 +30,7 @@ import java.nio.file.FileSystem;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List; import java.util.List;
import java.util.function.Consumer; import java.util.function.Consumer;
import java.util.zip.ZipEntry; import java.util.zip.ZipEntry;
@ -558,6 +559,37 @@ public class ZipUtil {
return outFile; return outFile;
} }
/**
* 限制解压后文件大小
*
* @param zipFile zip文件附带编码信息使用完毕自动关闭
* @param outFile 解压到的目录
* @param size 警戒线大小(B)
* @return 解压的目录
* @throws IORuntimeException IO异常
* @since 5.8.5
*/
public static File unzip(ZipFile zipFile, File outFile, long size) throws IORuntimeException {
if (outFile.exists() && outFile.isFile()) {
throw new IllegalArgumentException(
StrUtil.format("Target path [{}] exist!", outFile.getAbsolutePath()));
}
Enumeration<? extends ZipEntry> zipEntries = zipFile.entries();
long zipFileSize = 0L;
while(zipEntries.hasMoreElements()) {
ZipEntry zipEntry = zipEntries.nextElement();
zipFileSize += zipEntry.getSize();
if (zipFileSize > size) {
throw new IllegalArgumentException("The file size exceeds the limit");
}
}
try (final ZipReader reader = new ZipReader(zipFile)) {
reader.readTo(outFile);
}
return outFile;
}
/** /**
* 获取压缩包中的指定文件流 * 获取压缩包中的指定文件流
* *

17
hutool-core/src/test/java/cn/hutool/core/util/ZipUtilTest.java
View File

@ -16,6 +16,9 @@ import java.io.OutputStream;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.zip.ZipFile;
import static cn.hutool.core.util.ZipUtil.unzip;
/** /**
* {@link ZipUtil}单元测试 * {@link ZipUtil}单元测试
@ -195,4 +198,18 @@ public class ZipUtilTest {
ZipUtil.zip(FileUtil.file("d:\\test\\qr.zip"),false,dd); ZipUtil.zip(FileUtil.file("d:\\test\\qr.zip"),false,dd);
} }
@Test
public void SizeUnzip() throws IOException {
String zipPath = "F:\\BaiduNetdiskDownload\\demo.zip";
String outPath = "F:\\BaiduNetdiskDownload\\test";
ZipFile zipFile = new ZipFile(zipPath, Charset.forName("GBK"));
File file = new File(outPath);
// 限制解压文件大小为637KB
long size = 637*1024L;
// 限制解压文件大小为636KB
// long size = 636*1024L;
unzip(zipFile, file, size);
}
} }