mirror of
https://github.com/skylot/jadx.git
synced 2024-10-07 01:53:34 +00:00
feat: allow to set zip max entries count using env var (#1751)
This commit is contained in:
parent
edb1717969
commit
2d28da9b0e
@ -173,6 +173,11 @@ Plugin options (-P<name>=<value>):
|
||||
- rename-mappings.format - mapping format, values: [auto, TINY, TINY_2, ENIGMA, ENIGMA_DIR, MCP, SRG, TSRG, TSRG2, PROGUARD], default: auto
|
||||
- rename-mappings.invert - invert mapping, values: [yes, no], default: no
|
||||
|
||||
Environment variables:
|
||||
JADX_DISABLE_ZIP_SECURITY - set to 'true' to disable all security checks for zip files
|
||||
JADX_ZIP_MAX_ENTRIES_COUNT - maximum allowed number of entries in zip files (default: 100 000)
|
||||
JADX_TMP_DIR - custom temp directory, using system by default
|
||||
|
||||
Examples:
|
||||
jadx -d out classes.dex
|
||||
jadx --rename-flags "none" classes.dex
|
||||
|
@ -108,6 +108,11 @@ public class JCommanderWrapper<T> {
|
||||
int maxNamesLen = printOptions(jc, out, true);
|
||||
out.println(appendPluginOptions(maxNamesLen));
|
||||
out.println();
|
||||
out.println("Environment variables:");
|
||||
out.println(" JADX_DISABLE_ZIP_SECURITY - set to 'true' to disable all security checks for zip files");
|
||||
out.println(" JADX_ZIP_MAX_ENTRIES_COUNT - maximum allowed number of entries in zip files (default: 100 000)");
|
||||
out.println(" JADX_TMP_DIR - custom temp directory, using system by default");
|
||||
out.println();
|
||||
out.println("Examples:");
|
||||
out.println(" jadx -d out classes.dex");
|
||||
out.println(" jadx --rename-flags \"none\" classes.dex");
|
||||
|
@ -5,7 +5,6 @@ import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.util.Enumeration;
|
||||
import java.util.Objects;
|
||||
import java.util.function.BiConsumer;
|
||||
import java.util.function.BiFunction;
|
||||
import java.util.zip.ZipEntry;
|
||||
@ -15,10 +14,13 @@ import org.jetbrains.annotations.Nullable;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import jadx.core.utils.Utils;
|
||||
import jadx.core.utils.exceptions.JadxRuntimeException;
|
||||
|
||||
public class ZipSecurity {
|
||||
private static final Logger LOG = LoggerFactory.getLogger(ZipSecurity.class);
|
||||
|
||||
private static final boolean DISABLE_CHECKS = Objects.equals(System.getenv("JADX_DISABLE_ZIP_SECURITY"), "true");
|
||||
private static final boolean DISABLE_CHECKS = Utils.getEnvVarBool("JADX_DISABLE_ZIP_SECURITY", false);
|
||||
|
||||
/**
|
||||
* size of uncompressed zip entry shouldn't be bigger of compressed in
|
||||
@ -31,7 +33,8 @@ public class ZipSecurity {
|
||||
* are considered safe
|
||||
*/
|
||||
private static final int ZIP_BOMB_MIN_UNCOMPRESSED_SIZE = 25 * 1024 * 1024;
|
||||
private static final int MAX_ENTRIES_COUNT = 100_000;
|
||||
|
||||
private static final int MAX_ENTRIES_COUNT = Utils.getEnvVarInt("JADX_ZIP_MAX_ENTRIES_COUNT", 100_000);
|
||||
|
||||
private ZipSecurity() {
|
||||
}
|
||||
@ -130,13 +133,13 @@ public class ZipSecurity {
|
||||
}
|
||||
entriesProcessed++;
|
||||
if (!DISABLE_CHECKS && entriesProcessed > MAX_ENTRIES_COUNT) {
|
||||
throw new IllegalStateException("Zip entries count limit exceeded: " + MAX_ENTRIES_COUNT
|
||||
throw new JadxRuntimeException("Zip entries count limit exceeded: " + MAX_ENTRIES_COUNT
|
||||
+ ", last entry: " + entry.getName());
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Failed to process zip file: " + file.getAbsolutePath(), e);
|
||||
throw new JadxRuntimeException("Failed to process zip file: " + file.getAbsolutePath(), e);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
@ -147,7 +150,7 @@ public class ZipSecurity {
|
||||
try (InputStream in = getInputStreamForEntry(zip, entry)) {
|
||||
visitor.accept(entry, in);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Error process zip entry: " + entry.getName());
|
||||
throw new JadxRuntimeException("Failed to process zip entry: " + entry.getName());
|
||||
}
|
||||
}
|
||||
return null;
|
||||
|
@ -487,4 +487,20 @@ public class Utils {
|
||||
throw new JadxRuntimeException("Thread interrupted");
|
||||
}
|
||||
}
|
||||
|
||||
public static boolean getEnvVarBool(String varName, boolean defValue) {
|
||||
String strValue = System.getenv(varName);
|
||||
if (strValue == null) {
|
||||
return defValue;
|
||||
}
|
||||
return strValue.equalsIgnoreCase("true");
|
||||
}
|
||||
|
||||
public static int getEnvVarInt(String varName, int defValue) {
|
||||
String strValue = System.getenv(varName);
|
||||
if (strValue == null) {
|
||||
return defValue;
|
||||
}
|
||||
return Integer.parseInt(strValue);
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user