How can I protect myself from a zip bomb?

flybywire · Sep 22, 2009 · Viewed 15.7k times

I just read about zip bombs, i.e. zip files that contain a very large amount of highly compressible data (00000000000000000...).

When opened they fill the server's disk.

How can I detect a zip file is a zip bomb before unzipping it?

UPDATE: Can you tell me how this is done in Python or Java?

Answer

Nick Dandoulakis · Sep 22, 2009

Try this in Python:

import zipfile

# Sum the uncompressed sizes declared in the archive's directory (nothing is extracted)
with zipfile.ZipFile('a_file.zip') as z:
    print(f'total files size={sum(e.file_size for e in z.infolist())}')
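An added example, not part of the original answer: it turns the declared-size check above into a reject decision (total size, compression ratio, member count) and adds a bounded read that enforces the same budget while decompressing, so the limit does not depend on the declared sizes being honest. The thresholds and the names `check_declared`, `read_bounded` and `make_zip` are assumptions chosen for illustration.

```python
import io
import zipfile

MAX_TOTAL = 10 * 1024 * 1024   # assumed budget: 10 MiB uncompressed
MAX_RATIO = 100                # assumed ceiling for uncompressed/compressed
MAX_FILES = 1000               # assumed ceiling on member count


def check_declared(zf):
    """Decide from directory metadata alone; nothing is decompressed."""
    infos = zf.infolist()
    if len(infos) > MAX_FILES:
        return "too many members"
    total = sum(i.file_size for i in infos)
    packed = sum(i.compress_size for i in infos)
    if total > MAX_TOTAL:
        return "declared size over budget"
    if packed and total / packed > MAX_RATIO:
        return "compression ratio too high"
    return None


def read_bounded(zf, budget=MAX_TOTAL, chunk=64 * 1024):
    """Decompress in chunks and abort as soon as the byte budget is spent."""
    out = {}
    for info in zf.infolist():
        buf = bytearray()
        with zf.open(info) as src:
            while True:
                data = src.read(chunk)
                if not data:
                    break
                budget -= len(data)
                if budget < 0:
                    raise ValueError("uncompressed data exceeds budget")
                buf += data
        out[info.filename] = bytes(buf)
    return out


def make_zip(name, payload):
    """Constructed sample archive, built in memory for the demonstration."""
    mem = io.BytesIO()
    with zipfile.ZipFile(mem, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    mem.seek(0)
    return zipfile.ZipFile(mem)
```

On a server, write each chunk to disk instead of collecting it in memory and keep the same budget counter.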