Example 1 with KeyStoreZipCompressionRatioExceeded

Use of com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreZipCompressionRatioExceeded in the project vcert-java by Venafi.

From the class CloudConnectorUtils, method readZipEntry.

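private static String readZipEntry(ZipEntry zipEntry, ZipInputStream zis, String certId) throws VCertException, IOException {
    long totalSizeEntry = 0;
    // The compression ratio is not expected to be more than 3
    final int MAX_RATIO = 3;
    // getCompressedSize() returns -1 when the compressed size is not known
    final long compressedSize = zipEntry.getCompressedSize();
    StringBuilder s = new StringBuilder();
    byte[] buffer = new byte[1024];
    int nBytes = 0;
    while ((nBytes = zis.read(buffer, 0, buffer.length)) >= 0) {
        s.append(new String(buffer, 0, nBytes));
        // ZIP bomb validation: track how much data this entry has produced so far
        totalSizeEntry += nBytes;
        // A compressed size of 0 would make the division below throw ArithmeticException,
        // and -1 would give a negative ratio that never trips the check, so an entry that
        // yields data without a usable compressed size is rejected instead of read unchecked
        if (compressedSize <= 0) {
            throw new IOException("No usable compressed size for ZIP entry " + zipEntry.getName());
        }
        // Integer division: the check fires once the unzipped data reaches
        // (MAX_RATIO + 1) times the compressed size
        long compressionRatio = totalSizeEntry / compressedSize;
        if (compressionRatio > MAX_RATIO) {
            // The ratio between uncompressed and compressed data is highly suspicious; this looks like a ZIP bomb
            throw new KeyStoreZipCompressionRatioExceeded(certId, zipEntry.getName(), MAX_RATIO);
        }
    }
    return s.toString();
}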

Also used: com.venafi.vcert.sdk.connectors.cloud.endpoint, KeyStoreZipCompressionRatioExceeded (com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreZipCompressionRatioExceeded)