I just read about zip bombs, i.e. zip files that contain a very large amount of highly compressible data (00000000000000000...).
When opened they fill the server's disk.
How can I detect that a zip file is a zip bomb before unzipping it?
UPDATE: Can you tell me how this is done in Python or Java?
There are some additional precautions that users can take to protect their systems from zip of death attacks, including the following: Don't unzip files that are 2 KB or larger. Use authentic antivirus software, such as Avast and Norton. Only download files from trusted websites.
Zip bombs are not what their name says they are. When you unzip a zip bomb, it doesn't "explode" in a grand fashion. If you use the extract-all function, it's just going to crash.
Ultimately, zip bombs are harmful to the system because they make the 'environment' of a computer more conducive to an attack by traditional viruses. Thankfully, modern (and good) antivirus programs can detect whether a file is a zip bomb and alert the user so they don't try to unpack it.
Don't allow the upload process to write enough data to fill up the disk, i.e. solve the problem, not just one possible cause of the problem.

If the ZIP decompressor you use can provide the data on original and compressed size, you can use that data.
Try this in Python:
import zipfile

with zipfile.ZipFile('a_file.zip') as z:
    # file_size is the uncompressed size recorded in the archive's central directory
    print(f'total files size={sum(e.file_size for e in z.infolist())}')
Zip is, erm, an "interesting" format. A robust solution is to stream the data out, and stop when you have had enough. In Java, use ZipInputStream rather than ZipFile. The latter also requires you to store the data in a temporary file, which is also not the greatest of ideas.