Struct SecurityConfig 

pub struct SecurityConfig {
    pub max_file_size: u64,
    pub max_total_size: u64,
    pub max_compression_ratio: f64,
    pub max_file_count: usize,
    pub max_path_depth: usize,
    pub allowed: AllowedFeatures,
    pub preserve_permissions: bool,
    pub allowed_extensions: Vec<String>,
    pub banned_path_components: Vec<String>,
    pub allow_solid_archives: bool,
    pub max_solid_block_memory: u64,
}

Security configuration with default-deny settings.

This configuration controls various security checks performed during archive extraction to prevent common vulnerabilities.

Performance Note

This struct contains heap-allocated collections (Vec<String>). For performance, pass by reference (&SecurityConfig) rather than cloning. If shared ownership is needed across threads, consider wrapping in Arc<SecurityConfig>.

Examples

use exarch_core::SecurityConfig;

// Use secure defaults
let config = SecurityConfig::default();

// Customize for specific needs
let custom = SecurityConfig {
    max_file_size: 100 * 1024 * 1024,   // 100 MB
    max_total_size: 1024 * 1024 * 1024, // 1 GB
    ..Default::default()
};

Fields

max_file_size: u64

Maximum size for a single file in bytes.

max_total_size: u64

Maximum total size for all extracted files in bytes.

max_compression_ratio: f64

Maximum compression ratio allowed (uncompressed / compressed).

max_file_count: usize

Maximum number of files that can be extracted.

max_path_depth: usize

Maximum path depth allowed.

allowed: AllowedFeatures

Feature flags controlling what archive features are allowed.

Use this to enable symlinks, hardlinks, absolute paths, etc.

preserve_permissions: bool

Preserve file permissions from archive.

allowed_extensions: Vec<String>

List of allowed file extensions (empty = allow all).

banned_path_components: Vec<String>

List of banned path components (e.g., “.git”, “.ssh”).

allow_solid_archives: bool

Allow extraction from solid 7z archives.

Solid archives compress multiple files together as a single block. While this provides better compression ratios, it has security implications:

• Memory exhaustion: Extracting a single file requires decompressing the entire solid block into memory
• Denial of service: Malicious archives can create large solid blocks that exhaust available memory

Security Recommendation: Only enable for trusted archives.

Default: false (solid archives rejected)

max_solid_block_memory: u64

Maximum memory for solid archive extraction (bytes).

7z Solid Archive Memory Model:

Solid compression in 7z stores multiple files in a single compressed block. Extracting ANY file requires decompressing the ENTIRE solid block into memory, which can cause memory exhaustion attacks.

Validation Strategy:

• Pre-validates total uncompressed size of all files in archive
• This is a conservative heuristic (assumes single solid block)
• Reason: sevenz-rust2 v0.20 doesn’t expose solid block boundaries

Security Guarantee:

• Total uncompressed data cannot exceed this limit
• Combined with max_file_size, prevents unbounded memory growth
• Enforced ONLY when allow_solid_archives is true

Note: Only applies when allow_solid_archives is true.

Default: 512 MB (536,870,912 bytes)

Recommendation: Set to 1-2x available RAM for trusted archives only.

Implementations

impl SecurityConfig

pub fn permissive() -> Self

Creates a permissive configuration for trusted archives.

This configuration allows symlinks, hardlinks, absolute paths, and solid archives. Use only when extracting archives from trusted sources.

pub fn is_path_component_allowed(&self, component: &str) -> bool

Validates whether a path component is allowed.

Comparison is case-insensitive to prevent bypass on case-insensitive filesystems (Windows, macOS default).

pub fn is_extension_allowed(&self, extension: &str) -> bool

Validates whether a file extension is allowed.

Trait Implementations

impl Clone for SecurityConfig

fn clone(&self) -> SecurityConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SecurityConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for SecurityConfig

fn default() -> Self

Creates a SecurityConfig with secure default settings.

Default values:

• max_file_size: 50 MB
• max_total_size: 500 MB
• max_compression_ratio: 100.0
• max_file_count: 10,000
• max_path_depth: 32
• allowed: All features disabled (deny-by-default)
• preserve_permissions: false
• allowed_extensions: empty (allow all)
• banned_path_components: [".git", ".ssh", ".gnupg", ".aws", ".kube", ".docker", ".env"]
• allow_solid_archives: false (solid archives rejected)
• max_solid_block_memory: 512 MB