本文整理了Java中org.apache.poi.openxml4j.util.ZipSecureFile类的一些代码示例,展示了ZipSecureFile类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。ZipSecureFile类的具体详情如下:
包路径:org.apache.poi.openxml4j.util.ZipSecureFile
类名称:ZipSecureFile
[英]This class wraps a ZipFile in order to check the entries for zip bombs while reading the archive.
The alert limits can be globally defined via #setMaxEntrySize(long)and #setMinInflateRatio(double).
[中]这个类包装了一个ZipFile,以便在读取归档文件时检查zip bombs的条目。
警报限值可通过#setMaxEntrySize(长)和#setMinInflateRatio(双)进行全局定义。
代码示例来源:origin: pentaho/pentaho-kettle
@Test
public void testZipBombConfiguration_Default() throws Exception {
// First set some random values
Long bogusMaxEntrySize = 1000L;
ZipSecureFile.setMaxEntrySize( bogusMaxEntrySize );
Long bogusMaxTextSize = 1000L;
ZipSecureFile.setMaxTextSize( bogusMaxTextSize );
Double bogusMinInflateRatio = 0.5d;
ZipSecureFile.setMinInflateRatio( bogusMinInflateRatio );
// Verify that the bogus values were set
assertEquals( bogusMaxEntrySize, (Long) ZipSecureFile.getMaxEntrySize() );
assertEquals( bogusMaxTextSize, (Long) ZipSecureFile.getMaxTextSize() );
assertEquals( bogusMinInflateRatio, (Double) ZipSecureFile.getMinInflateRatio() );
// Initializing the ExcelInput step should make the new values to be set
meta.setSpreadSheetType( SpreadSheetType.SAX_POI );
init( "Balance_Type_Codes.xlsx" );
// Verify that the default values were used
assertEquals( Const.KETTLE_ZIP_MAX_ENTRY_SIZE_DEFAULT, (Long) ZipSecureFile.getMaxEntrySize() );
assertEquals( Const.KETTLE_ZIP_MAX_TEXT_SIZE_DEFAULT, (Long) ZipSecureFile.getMaxTextSize() );
assertEquals( Const.KETTLE_ZIP_MIN_INFLATE_RATIO_DEFAULT, (Double) ZipSecureFile.getMinInflateRatio() );
}代码示例来源:origin: org.apache.poi/poi-ooxml
/**
* Opens the specified file as a secure zip, or returns null if no
* such file exists
*
* @param file
* The file to open.
* @return The zip archive freshly open.
* @throws IOException if the zip file cannot be opened or closed to read the header signature
* @throws NotOfficeXmlFileException if stream does not start with zip header signature
*/
public static ZipSecureFile openZipFile(File file) throws IOException, NotOfficeXmlFileException {
if (!file.exists()) {
throw new FileNotFoundException("File does not exist");
}
if (file.isDirectory()) {
throw new IOException("File is a directory");
}
// Peek at the first few bytes to sanity check
try (FileInputStream input = new FileInputStream(file)) {
verifyZipHeader(input);
}
// Open as a proper zip file
return new ZipSecureFile(file);
}代码示例来源:origin: pentaho/pentaho-kettle
minInflateRatio = Const.KETTLE_ZIP_MIN_INFLATE_RATIO_DEFAULT;
ZipSecureFile.setMinInflateRatio( minInflateRatio );
maxEntrySize = Const.KETTLE_ZIP_MAX_ENTRY_SIZE_DEFAULT;
ZipSecureFile.setMaxEntrySize( maxEntrySize );
maxTextSize = Const.KETTLE_ZIP_MAX_TEXT_SIZE_DEFAULT;
ZipSecureFile.setMaxTextSize( maxTextSize );代码示例来源:origin: wuyouzhuguli/FEBS-Shiro
static void writeByLocalOrBrowser(HttpServletResponse response, String fileName, SXSSFWorkbook wb, OutputStream out) {
try {
ZipSecureFile.setMinInflateRatio(0L);
if (response != null) {
// response对象不为空,响应到浏览器下载
response.setContentType(FebsConstant.XLSX_CONTENT_TYPE);
response.setHeader("Content-disposition", "attachment; filename="
+ URLEncoder.encode(String.format("%s%s", fileName, FebsConstant.XLSX_SUFFIX), "UTF-8"));
if (out == null) {
out = response.getOutputStream();
}
}
wb.write(out);
out.flush();
out.close();
} catch (Exception e) {
log.error(e.getMessage());
}
}代码示例来源:origin: pentaho/pentaho-kettle
@Test
public void testZipBombConfiguration() throws Exception {
Long maxEntrySizeVal = 3L * 1024 * 1024 * 1024;
Long maxTextSizeVal = 2L * 1024 * 1024 * 1024;
Double minInflateRatioVal = 0.123d;
// First set the property values
System.setProperty( Const.KETTLE_ZIP_MAX_ENTRY_SIZE, maxEntrySizeVal.toString() );
System.setProperty( Const.KETTLE_ZIP_MAX_TEXT_SIZE, maxTextSizeVal.toString() );
System.setProperty( Const.KETTLE_ZIP_MIN_INFLATE_RATIO, minInflateRatioVal.toString() );
//ExcelInput excelInput = new ExcelInput( null, null, 0, null, null );
// Initializing the ExcelInput step should make the new values to be set
meta.setSpreadSheetType( SpreadSheetType.SAX_POI );
init( "Balance_Type_Codes.xlsx" );
// Verify that the setted values were used
assertEquals( maxEntrySizeVal, (Long) ZipSecureFile.getMaxEntrySize() );
assertEquals( maxTextSizeVal, (Long) ZipSecureFile.getMaxTextSize() );
assertEquals( minInflateRatioVal, (Double) ZipSecureFile.getMinInflateRatio() );
}代码示例来源:origin: org.apache.poi/poi-ooxml
protected void checkMaxTextSize(CharSequence text, String string) {
if(string == null) {
return;
}
int size = text.length() + string.length();
if(size > ZipSecureFile.getMaxTextSize()) {
throw new IllegalStateException("The text would exceed the max allowed overall size of extracted text. "
+ "By default this is prevented as some documents may exhaust available memory and it may indicate that the file is used to inflate memory usage and thus could pose a security risk. "
+ "You can adjust this limit via ZipSecureFile.setMaxTextSize() if you need to work with files which have a lot of text. "
+ "Size: " + size + ", limit: MAX_TEXT_SIZE: " + ZipSecureFile.getMaxTextSize());
}
}
}代码示例来源:origin: openl-tablets/openl-tablets
public static void configureZipBombDetection() {
// ZIP bomb detection tuning. Don't disable it by setting it in 0.
// https://bz.apache.org/bugzilla/show_bug.cgi?id=58499
// 0.001 is when 1MByte expands to 1 GByte
ZipSecureFile.setMinInflateRatio(0.001);
}代码示例来源:origin: org.apache.servicemix.bundles/org.apache.servicemix.bundles.poi
protected void checkMaxTextSize(CharSequence text, String string) {
if(string == null) {
return;
}
int size = text.length() + string.length();
if(size > ZipSecureFile.getMaxTextSize()) {
throw new IllegalStateException("The text would exceed the max allowed overall size of extracted text. "
+ "By default this is prevented as some documents may exhaust available memory and it may indicate that the file is used to inflate memory usage and thus could pose a security risk. "
+ "You can adjust this limit via ZipSecureFile.setMaxTextSize() if you need to work with files which have a lot of text. "
+ "Size: " + size + ", limit: MAX_TEXT_SIZE: " + ZipSecureFile.getMaxTextSize());
}
}
}代码示例来源:origin: wuyouzhuguli/FEBS-Security
static void writeByLocalOrBrowser(HttpServletResponse response, String fileName, SXSSFWorkbook wb, OutputStream out) {
try {
ZipSecureFile.setMinInflateRatio(0L);
if (response != null) {
// response对象不为空,响应到浏览器下载
response.setContentType(FebsConstant.XLSX_CONTENT_TYPE);
response.setHeader("Content-disposition", "attachment; filename="
+ URLEncoder.encode(String.format("%s%s", fileName, FebsConstant.XLSX_SUFFIX), "UTF-8"));
if (out == null) {
out = response.getOutputStream();
}
}
wb.write(out);
out.flush();
out.close();
} catch (Exception e) {
log.error(e.getMessage());
}
}代码示例来源:origin: org.apache.poi/poi-ooxml
/**
* Write out this workbook to an OutputStream.
*
* @param stream - the java OutputStream you wish to write to
* @exception IOException if anything can't be written.
*/
@Override
public void write(OutputStream stream) throws IOException {
flushSheets();
//Save the template
File tmplFile = TempFile.createTempFile("poi-sxssf-template", ".xlsx");
boolean deleted;
try {
try (FileOutputStream os = new FileOutputStream(tmplFile)) {
_wb.write(os);
}
//Substitute the template entries with the generated sheet data files
try (ZipSecureFile zf = new ZipSecureFile(tmplFile);
ZipFileZipEntrySource source = new ZipFileZipEntrySource(zf)) {
injectData(source, stream);
}
} finally {
deleted = tmplFile.delete();
}
if(!deleted) {
throw new IOException("Could not delete temporary file after processing: " + tmplFile);
}
}代码示例来源:origin: org.apache.servicemix.bundles/org.apache.servicemix.bundles.poi
/**
* Opens the specified file as a secure zip, or returns null if no
* such file exists
*
* @param file
* The file to open.
* @return The zip archive freshly open.
* @throws IOException if the zip file cannot be opened or closed to read the header signature
* @throws NotOfficeXmlFileException if stream does not start with zip header signature
*/
public static ZipSecureFile openZipFile(File file) throws IOException, NotOfficeXmlFileException {
if (!file.exists()) {
throw new FileNotFoundException("File does not exist");
}
if (file.isDirectory()) {
throw new IOException("File is a directory");
}
// Peek at the first few bytes to sanity check
try (FileInputStream input = new FileInputStream(file)) {
verifyZipHeader(input);
}
// Open as a proper zip file
return new ZipSecureFile(file);
}代码示例来源:origin: org.apache.servicemix.bundles/org.apache.servicemix.bundles.poi
/**
* Write out this workbook to an OutputStream.
*
* @param stream - the java OutputStream you wish to write to
* @exception IOException if anything can't be written.
*/
@Override
public void write(OutputStream stream) throws IOException {
flushSheets();
//Save the template
File tmplFile = TempFile.createTempFile("poi-sxssf-template", ".xlsx");
boolean deleted;
try {
try (FileOutputStream os = new FileOutputStream(tmplFile)) {
_wb.write(os);
}
//Substitute the template entries with the generated sheet data files
try (ZipSecureFile zf = new ZipSecureFile(tmplFile);
ZipFileZipEntrySource source = new ZipFileZipEntrySource(zf)) {
injectData(source, stream);
}
} finally {
deleted = tmplFile.delete();
}
if(!deleted) {
throw new IOException("Could not delete temporary file after processing: " + tmplFile);
}
}内容来源于网络,如有侵权,请联系作者删除!