How can I protect myself from a zip bomb?

java python security compression zip
flybywire picture flybywire · Sep 22, 2009 · Viewed 15.7k times · Source

I just read about zip bombs, i.e. zip files that contain very large amount of highly compressible data (00000000000000000...).

When opened they fill the server's disk.

How can I detect a zip file is a zip bomb before unzipping it?

UPDATE Can you tell me how is this done in Python or Java?

Answer

Nick Dandoulakis picture Nick Dandoulakis · Sep 22, 2009

Try this in Python:

import zipfile

with zipfile.ZipFile('a_file.zip') as z
    print(f'total files size={sum(e.file_size for e in z.infolist())}')

Related questions

WhatsApp API (java/python)

I am looking for WhatsApp API, preferably a Python or Java library. I've tried Yowsup, but could not get my number registered; I am based in India and I am not sure if that has got anything to do with …

Read More
Compiled vs. Interpreted Languages

I'm trying to get a better understanding of the difference. I've found a lot of explanations online, but they tend towards the abstract differences rather than the practical implications. Most of my programming experiences has been with CPython (dynamic, interpreted), …

Read More
Calling Python in Java?

I am wondering if it is possible to call python functions from java code using jython, or is it only for calling java code from python?

Read More