本文整理了Java中jadx.core.utils.files.ZipSecurity类的一些代码示例,展示了ZipSecurity类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。ZipSecurity类的具体详情如下:
包路径:jadx.core.utils.files.ZipSecurity
类名称:ZipSecurity
暂无
代码示例来源:origin: skylot/jadx
private static boolean isInSubDirectoryInternal(File baseDir, File canonFile) {
if (canonFile == null) {
return false;
}
if (canonFile.equals(baseDir)) {
return true;
}
return isInSubDirectoryInternal(baseDir, canonFile.getParentFile());
}代码示例来源:origin: skylot/jadx
public static boolean isValidZipEntry(ZipEntry entry) {
return isValidZipEntryName(entry.getName())
&& !isZipBomb(entry);
}
}代码示例来源:origin: skylot/jadx
private void loadFile(List<ResourceFile> list, File file) {
if (file == null) {
return;
}
try (ZipFile zip = new ZipFile(file)) {
Enumeration<? extends ZipEntry> entries = zip.entries();
while (entries.hasMoreElements()) {
ZipEntry entry = entries.nextElement();
if (ZipSecurity.isValidZipEntry(entry)) {
addEntry(list, file, entry);
}
}
} catch (Exception e) {
LOG.debug("Not a zip file: {}", file.getAbsolutePath());
addResourceFile(list, file);
}
}代码示例来源:origin: skylot/jadx
public void save(File dir, String subDir, String fileName) {
if (!ZipSecurity.isValidZipEntryName(subDir) || !ZipSecurity.isValidZipEntryName(fileName)) {
return;
}
save(dir, new File(subDir, fileName).getPath());
}代码示例来源:origin: skylot/jadx
private void save(ResContainer rc, File outDir) {
File outFile = new File(outDir, rc.getFileName());
if (!ZipSecurity.isInSubDirectory(outDir, outFile)) {
LOG.error("Path traversal attack detected, invalid resource name: {}", outFile.getPath());
return;
}
saveToFile(rc, outFile);
}代码示例来源:origin: skylot/jadx
public void load(File input) throws IOException, DecodeException {
String name = input.getName();
try (InputStream inputStream = new FileInputStream(input)) {
if (name.endsWith(CLST_EXTENSION)) {
load(inputStream);
} else if (name.endsWith(".jar")) {
try (ZipInputStream in = new ZipInputStream(inputStream)) {
ZipEntry entry = in.getNextEntry();
while (entry != null) {
if (entry.getName().endsWith(CLST_EXTENSION) && ZipSecurity.isValidZipEntry(entry)) {
load(in);
}
entry = in.getNextEntry();
}
}
} else {
throw new JadxRuntimeException("Unknown file format: " + name);
}
}
}代码示例来源:origin: skylot/jadx
public static ResourceFile createResourceFile(JadxDecompiler decompiler, String name, ResourceType type) {
if (!ZipSecurity.isValidZipEntryName(name)) {
return null;
}
return new ResourceFile(decompiler, name, type);
}代码示例来源:origin: skylot/jadx
@Override
public String getContent() {
try {
ResourceFile.ZipRef zipRef = rf.getZipRef();
if (zipRef == null) {
File file = new File(rf.getName());
try (InputStream inputStream = new BufferedInputStream(new FileInputStream(file))) {
return CertificateManager.decode(inputStream);
}
} else {
try (ZipFile zipFile = new ZipFile(zipRef.getZipFile())) {
ZipEntry entry = zipFile.getEntry(zipRef.getEntryName());
if (entry == null) {
throw new IOException("Zip entry not found: " + zipRef);
}
if (!ZipSecurity.isValidZipEntry(entry)) {
return null;
}
try (InputStream inputStream = new BufferedInputStream(zipFile.getInputStream(entry))) {
return CertificateManager.decode(inputStream);
}
}
}
} catch (Exception e) {
LOG.error("Certificate decode error: {}", rf.getName(), e);
return "Decode error: " + e.getMessage();
}
}
}代码示例来源:origin: skylot/jadx
public void save(File dir, String fileName) {
if (!ZipSecurity.isValidZipEntryName(fileName)) {
return;
}
save(new File(dir, fileName));
}代码示例来源:origin: skylot/jadx
public static boolean isInSubDirectory(File baseDir, File file) {
try {
file = file.getCanonicalFile();
baseDir = baseDir.getCanonicalFile();
} catch (IOException e) {
return false;
}
return isInSubDirectoryInternal(baseDir, file);
}代码示例来源:origin: skylot/jadx
public static <T> T decodeStream(ResourceFile rf, ResourceDecoder<T> decoder) throws JadxException {
try {
ZipRef zipRef = rf.getZipRef();
if (zipRef == null) {
File file = new File(rf.getName());
try (InputStream inputStream = new BufferedInputStream(new FileInputStream(file))) {
return decoder.decode(file.length(), inputStream);
}
} else {
try (ZipFile zipFile = new ZipFile(zipRef.getZipFile())) {
ZipEntry entry = zipFile.getEntry(zipRef.getEntryName());
if (entry == null) {
throw new IOException("Zip entry not found: " + zipRef);
}
if (!ZipSecurity.isValidZipEntry(entry)) {
return null;
}
try (InputStream inputStream = new BufferedInputStream(zipFile.getInputStream(entry))) {
return decoder.decode(entry.getSize(), inputStream);
}
}
}
} catch (Exception e) {
throw new JadxException("Error decode: " + rf.getName(), e);
}
}代码示例来源:origin: skylot/jadx
private static Dex loadFromClassFile(File file) throws IOException, DecodeException {
File outFile = FileUtils.createTempFile("cls.jar");
try (JarOutputStream jo = new JarOutputStream(new FileOutputStream(outFile))) {
String clsName = AsmUtils.getNameFromClassFile(file);
if (clsName == null || !ZipSecurity.isValidZipEntryName(clsName)) {
throw new IOException("Can't read class name from file: " + file);
}
FileUtils.addFileToJar(jo, file, clsName + ".class");
}
return loadFromJar(outFile);
}代码示例来源:origin: skylot/jadx
public static boolean isValidZipEntryName(String entryName) {
try {
File currentPath = new File(".").getCanonicalFile();
File canonical = new File(currentPath, entryName).getCanonicalFile();
if (isInSubDirectoryInternal(currentPath, canonical)) {
return true;
}
LOG.error("Path traversal attack detected, invalid name: {}", entryName);
return false;
} catch (Exception e) {
LOG.error("Path traversal attack detected, invalid name: {}", entryName);
return false;
}
}代码示例来源:origin: skylot/jadx
for (Enumeration<? extends ZipEntry> e = zf.entries(); e.hasMoreElements(); ) {
ZipEntry entry = e.nextElement();
if (!ZipSecurity.isValidZipEntry(entry)) {
continue;内容来源于网络,如有侵权,请联系作者删除!