Lucene
 » 
Apache Tika - Development

 « Return to Thread: [jira] Created: (TIKA-216) Zip bomb prevention

[jira] Resolved: (TIKA-216) Zip bomb prevention

by JIRA jira@apache.org :: Rate this Message:

Reply to Author | View in Thread


     [ https://issues.apache.org/jira/browse/TIKA-216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jukka Zitting resolved TIKA-216.
--------------------------------

       Resolution: Fixed
    Fix Version/s: 0.4
         Assignee: Jukka Zitting

There is now a SecureContentHandler decorator class that implements a simple zip bomb prevention heuristic. By default the class throws an exception for any input documents that produce over 100 output characters per input byte, a compression ratio that no normal document is expected to reach. There is a default threshold of 1M output characters after which the zip bomb detection gets activated. This threshold avoids false positives for otherwise normal documents that for some reason start with a sequence of highly compressible data.

The SecureContentHandler decorator class is used together with the CountingInputStream from Commons IO. See below for sample usage:

    CountingInputStream count = new CountingInputStream(stream);
    SecureContentHandler secure = new SecureContentHandler(handler, count);
    try {
        parser.parse(count, secure, metadata);
    } catch (SAXException e) {
        secure.throwIfCauseOf(e);
        throw e;
    }

I added this to the AutoDetectParser, so all clients that use AutoDetectParser or tools based on that are automatically protected against simple zip bombs.



> Zip bomb prevention
> -------------------
>
>                 Key: TIKA-216
>                 URL: https://issues.apache.org/jira/browse/TIKA-216
>             Project: Tika
>          Issue Type: New Feature
>          Components: parser
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>             Fix For: 0.4
>
>
> It would be good to have a mechanism that automatically detects a "zip bomb", i.e. a compressed document that expands to excessive amounts of extracted text. The classic example is the 42.zip file that's just 42kB in size, but expands to about 4 *petabytes* when all layers are fully uncompressed.
> A simple preventive measure could be a Parser decorator that counts the number of input bytes and the output characters, and fails with a TikaException when the ratio exceeds some configurable limit.
> As another preventive measure, the decorator could also keep track of the time (and perhaps even memory, if possible) it takes to process the input document. A TikaException would be thrown if processing time exceeds some configurable limit.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

 « Return to Thread: [jira] Created: (TIKA-216) Zip bomb prevention

Free embeddable forum powered by Nabble Forum Help