You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tika.apache.org by "Jukka Zitting (JIRA)" <ji...@apache.org> on 2009/06/10 22:19:07 UTC
[jira] Commented: (TIKA-216) Zip bomb prevention
[ https://issues.apache.org/jira/browse/TIKA-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12718184#action_12718184 ]
Jukka Zitting commented on TIKA-216:
------------------------------------
For the record, see a similar issue in the Aperture project:
http://sourceforge.net/tracker/?func=detail&aid=2786554&group_id=150969&atid=779500
> Zip bomb prevention
> -------------------
>
> Key: TIKA-216
> URL: https://issues.apache.org/jira/browse/TIKA-216
> Project: Tika
> Issue Type: New Feature
> Components: parser
> Reporter: Jukka Zitting
> Assignee: Jukka Zitting
> Fix For: 0.4
>
>
> It would be good to have a mechanism that automatically detects a "zip bomb", i.e. a compressed document that expands to excessive amounts of extracted text. The classic example is the 42.zip file that's just 42kB in size, but expands to about 4 *petabytes* when all layers are fully uncompressed.
> A simple preventive measure could be a Parser decorator that counts the number of input bytes and the output characters, and fails with a TikaException when the ratio exceeds some configurable limit.
> As another preventive measure, the decorator could also keep track of the time (and perhaps even memory, if possible) it takes to process the input document. A TikaException would be thrown if processing time exceeds some configurable limit.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.