zip-extensions 0.14.1

An extension crate for zip.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

use std::path::PathBuf;

use crate::audit::entry_audit_handler::EntryAuditHandler;
use crate::audit::entry_view::EntryView;
use crate::audit::report::{SuspiciousEntry, SuspiciousReason, ZipAuditReport};

/// A `PathHandler` is used to track and report on suspicious paths, and signal safe extraction
/// policies. For instance, the handler detects absolute paths and parent components in entry names,
/// tracks the maximum directory depth hint across entries, and flags entries with invalid UTF-8
/// names.
pub struct PathHandler;

impl EntryAuditHandler for PathHandler {
    fn visit(&mut self, view: &EntryView, report: &mut ZipAuditReport) {
        if view.has_abs {
            report.has_absolute_paths = true;
        }
        if view.has_parent_components {
            report.has_parent_components = true;
        }
        if view.depth_hint > report.max_depth_hint {
            report.max_depth_hint = view.depth_hint;
        }
        if view.invalid_utf8 {
            report.suspicious_entries.push(SuspiciousEntry {
                name: PathBuf::from(String::from_utf8_lossy(&view.name_raw).into_owned()),
                reason: SuspiciousReason::InvalidUtf8,
            });
        }
    }
}