...
This noncompliant code fails to check the resource consumption of the file that is being unzipped. It permits the operation to run to completion or until local resources are exhausted.
Code Block | ||
---|---|---|
| ||
static final int BUFFER = 512; // ... // external data source: args[0] const int BUFFER = 512; filename BufferedOutputStream dest = null; FileInputStream fis = new FileInputStream(args[0] filename); ZipInputStream zis = new ZipInputStream(new BufferedInputStream(fis)); ZipEntry entry; while((entry = zis.getNextEntry()) != null) { System.out.println("Extracting: " +entry); int count; byte data[] = new byte[BUFFER]; // write the files to the disk FileOutputStream fos = new FileOutputStream(entry.getName()); dest = new BufferedOutputStream(fos, BUFFER); while ((count = zis.read(data, 0, BUFFER)) != -1) { dest.write(data, 0, count); } dest.flush(); dest.close(); } zis.close(); |
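Review bot: `new FileOutputStream(entry.getName())` writes to whatever path the archive supplies, so an entry name containing `../` or an absolute path lands outside the extraction directory. This is separate from the resource-exhaustion problem the text describes. The listing should resolve each name against a fixed target directory and reject anything that escapes it, for example `Path out = base.resolve(entry.getName()).normalize(); if (!out.startsWith(base)) throw new IOException("entry outside target directory");`, where `base` is the intended extraction directory. The streams are also closed only on the success path; wrapping `zis` and `dest` in try-with-resources would release them when `read` or `write` throws. As rendered, the listing interleaves two revisions (`args[0] filename`, and `const int BUFFER` beside `static final int BUFFER`); `const` is reserved but unusable in Java, so only the `static final` declaration compiles.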
...
Code Block | ||
---|---|---|
| ||
// write the files to the disk - if file is not insanely big const int TOOBIG = 0x6400000; // 100MB if (entry.getSize() > TOOBIG) { throw new RuntimeException("File to be unzipped is huge."); } if (entry.getSize() == -1) { throw new RuntimeException("File to be unzipped might be huge."); } FileOutputStream fos = new FileOutputStream(entry.getName()); dest = new BufferedOutputStream(fos, BUFFER); while ((count = zis.read(data, 0, BUFFER)) != -1) { dest.write(data, 0, count); } |
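Review bot: The size guard trusts `entry.getSize()`, a value read from the archive and therefore set by whoever built it, so an entry that declares a small size can still inflate well past `TOOBIG`. The limit has to be enforced on the bytes actually read: keep a running `long total` in the copy loop and, before `dest.write`, use `if ((total += count) > TOOBIG) throw new IllegalStateException("File being unzipped is too big.");`. Also cap the number of entries so that many small files cannot fill the disk. Counting real bytes makes the `-1` rejection unnecessary; as written it refuses legitimate archives whose sizes are recorded after the data. `const int TOOBIG` does not compile in Java and should be `static final int TOOBIG = 0x6400000;`; the fragment depends on `entry`, `zis`, `data`, `count` and `dest` declared outside this section.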
...