feat: allow to set zip max entries count using env var (#1751)

2024-10-07 01:53:34 +00:00 · 2023-11-16 17:08:55 +00:00 · 2023-11-16 17:08:55 +00:00 · 2d28da9b0e
commit 2d28da9b0e
parent edb1717969
4 changed files with 35 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -173,6 +173,11 @@ Plugin options (-P<name>=<value>):
    - rename-mappings.format          - mapping format, values: [auto, TINY, TINY_2, ENIGMA, ENIGMA_DIR, MCP, SRG, TSRG, TSRG2, PROGUARD], default: auto
    - rename-mappings.invert          - invert mapping, values: [yes, no], default: no

+Environment variables:
+  JADX_DISABLE_ZIP_SECURITY - set to 'true' to disable all security checks for zip files
+  JADX_ZIP_MAX_ENTRIES_COUNT - maximum allowed number of entries in zip files (default: 100 000)
+  JADX_TMP_DIR - custom temp directory, using system by default
+
 Examples:
  jadx -d out classes.dex
  jadx --rename-flags "none" classes.dex
--- a/jadx-cli/src/main/java/jadx/cli/JCommanderWrapper.java
+++ b/jadx-cli/src/main/java/jadx/cli/JCommanderWrapper.java
@ -108,6 +108,11 @@ public class JCommanderWrapper<T> {
 		int maxNamesLen = printOptions(jc, out, true);
 		out.println(appendPluginOptions(maxNamesLen));
 		out.println();
+		out.println("Environment variables:");
+		out.println("  JADX_DISABLE_ZIP_SECURITY - set to 'true' to disable all security checks for zip files");
+		out.println("  JADX_ZIP_MAX_ENTRIES_COUNT - maximum allowed number of entries in zip files (default: 100 000)");
+		out.println("  JADX_TMP_DIR - custom temp directory, using system by default");
+		out.println();
 		out.println("Examples:");
 		out.println("  jadx -d out classes.dex");
 		out.println("  jadx --rename-flags \"none\" classes.dex");
--- a/jadx-core/src/main/java/jadx/api/plugins/utils/ZipSecurity.java
+++ b/jadx-core/src/main/java/jadx/api/plugins/utils/ZipSecurity.java
@ -5,7 +5,6 @@ import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Enumeration;
-import java.util.Objects;
 import java.util.function.BiConsumer;
 import java.util.function.BiFunction;
 import java.util.zip.ZipEntry;
@ -15,10 +14,13 @@ import org.jetbrains.annotations.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

+import jadx.core.utils.Utils;
+import jadx.core.utils.exceptions.JadxRuntimeException;
+
 public class ZipSecurity {
 	private static final Logger LOG = LoggerFactory.getLogger(ZipSecurity.class);

-	private static final boolean DISABLE_CHECKS = Objects.equals(System.getenv("JADX_DISABLE_ZIP_SECURITY"), "true");
+	private static final boolean DISABLE_CHECKS = Utils.getEnvVarBool("JADX_DISABLE_ZIP_SECURITY", false);

 	/**
 	 * size of uncompressed zip entry shouldn't be bigger of compressed in
@ -31,7 +33,8 @@ public class ZipSecurity {
 	 * are considered safe
 	 */
 	private static final int ZIP_BOMB_MIN_UNCOMPRESSED_SIZE = 25 * 1024 * 1024;
-	private static final int MAX_ENTRIES_COUNT = 100_000;
+
+	private static final int MAX_ENTRIES_COUNT = Utils.getEnvVarInt("JADX_ZIP_MAX_ENTRIES_COUNT", 100_000);

 	private ZipSecurity() {
 	}
@ -130,13 +133,13 @@ public class ZipSecurity {
 					}
 					entriesProcessed++;
 					if (!DISABLE_CHECKS && entriesProcessed > MAX_ENTRIES_COUNT) {
-						throw new IllegalStateException("Zip entries count limit exceeded: " + MAX_ENTRIES_COUNT
+						throw new JadxRuntimeException("Zip entries count limit exceeded: " + MAX_ENTRIES_COUNT
 								+ ", last entry: " + entry.getName());
 					}
 				}
 			}
 		} catch (Exception e) {
-			throw new RuntimeException("Failed to process zip file: " + file.getAbsolutePath(), e);
+			throw new JadxRuntimeException("Failed to process zip file: " + file.getAbsolutePath(), e);
 		}
 		return null;
 	}
@ -147,7 +150,7 @@ public class ZipSecurity {
 				try (InputStream in = getInputStreamForEntry(zip, entry)) {
 					visitor.accept(entry, in);
 				} catch (Exception e) {
-					throw new RuntimeException("Error process zip entry: " + entry.getName());
+					throw new JadxRuntimeException("Failed to process zip entry: " + entry.getName());
 				}
 			}
 			return null;
--- a/jadx-core/src/main/java/jadx/core/utils/Utils.java
+++ b/jadx-core/src/main/java/jadx/core/utils/Utils.java
@ -487,4 +487,20 @@ public class Utils {
 			throw new JadxRuntimeException("Thread interrupted");
 		}
 	}
+
+	public static boolean getEnvVarBool(String varName, boolean defValue) {
+		String strValue = System.getenv(varName);
+		if (strValue == null) {
+			return defValue;
+		}
+		return strValue.equalsIgnoreCase("true");
+	}
+
+	public static int getEnvVarInt(String varName, int defValue) {
+		String strValue = System.getenv(varName);
+		if (strValue == null) {
+			return defValue;
+		}
+		return Integer.parseInt(strValue);
+	}
 }