zip_extensions/audit/handlers/
path.rs

1use std::path::PathBuf;
2
3use crate::audit::entry_audit_handler::EntryAuditHandler;
4use crate::audit::entry_view::EntryView;
5use crate::audit::report::{SuspiciousEntry, SuspiciousReason, ZipAuditReport};
6
7/// A `PathHandler` is used to track and report on suspicious paths, and signal safe extraction
8/// policies. For instance, the handler detects absolute paths and parent components in entry names,
9/// tracks the maximum directory depth hint across entries, and flags entries with invalid UTF-8
10/// names.
11pub struct PathHandler;
12
13impl EntryAuditHandler for PathHandler {
14    fn visit(&mut self, view: &EntryView, report: &mut ZipAuditReport) {
15        if view.has_abs {
16            report.has_absolute_paths = true;
17        }
18        if view.has_parent_components {
19            report.has_parent_components = true;
20        }
21        if view.depth_hint > report.max_depth_hint {
22            report.max_depth_hint = view.depth_hint;
23        }
24        if view.invalid_utf8 {
25            report.suspicious_entries.push(SuspiciousEntry {
26                name: PathBuf::from(String::from_utf8_lossy(&view.name_raw).into_owned()),
27                reason: SuspiciousReason::InvalidUtf8,
28            });
29        }
30    }
31}
zip_extensions/audit/handlers/path.rs

zip_extensions/audit/handlers/
path.rs
