Record Class BombProtection
- Record Components:
maxCompressionRatio- max ratio of decompressed:compressed bytes (default100) | 最大解压:压缩字节比(默认100)maxTotalSize- max total decompressed bytes (default10 GiB) | 解压总字节上限(默认10 GiB)maxEntryCount- max entries in a single archive (default65535) | 单个归档的最大条目数(默认65535)maxNestingDepth- max nested-zip depth detected by.zipsuffix (default3) | 嵌套 ZIP 最大深度,按.zip后缀 识别(默认3)maxSingleEntrySize- max decompressed bytes for any single entry (default5 GiB) | 单条目解压字节上限(默认5 GiB)
extract operations.
ZIP extract 操作的反炸弹阈值组。
Groups the five caps that ZipUtil.extract(java.nio.file.Path, java.nio.file.Path, ZipOptions) enforces while inflating entries. Bundling them into a single nested record
(instead of five flat fields on ZipOptions) lets policy code propagate a complete
tuning preset as one unit — Spring property binding, telemetry, and override-style policy
composition all become a single object copy.
把 ZipUtil.extract(java.nio.file.Path, java.nio.file.Path, ZipOptions) 在
inflate 时强制的 5 个上限聚合在一个嵌套记录里(而非散落在 ZipOptions 的 5 个扁平字段),
让策略代码可以以单对象的形式整体传递、覆盖和上报。
Defaults | 默认值: maxCompressionRatio=100,
maxTotalSize=10 GiB, maxEntryCount=65535, maxNestingDepth=3,
maxSingleEntrySize=5 GiB. Use defaults() for the canonical preset.
Threat model | 威胁模型: the HARD_MAX_* constants are upper
bounds for "what the library will technically accept," NOT "what is safe for unknown input."
A BombProtection that pegs every field at its hard cap is a fully-legal record
(1 TiB total / 10M entries / 1 TiB single entry / 1M:1 ratio) — far beyond what most
production deployments should ever permit. Callers receiving a BombProtection from
untrusted configuration (Spring property binding, JSON, env vars, REST payload) MUST validate
the values against their own threat model before passing the record to ZipUtil or
ZipModifier; treat the hard caps as kill-switches, not safe defaults.
HARD_MAX_* 常量是"库技术上能接受"的上限,**不是**"对未知输入安全"的边界。
五个字段全顶到硬上限的 BombProtection 是合法记录(1 TiB 总量 / 10M 条目 /
1 TiB 单条目 / 1M:1 压缩比),远超绝大多数生产环境应允许的范围。从不可信来源(Spring 属性
绑定、JSON、环境变量、REST 负载)接收 BombProtection 时,调用方必须先用自己的
威胁模型校验后再传给 ZipUtil / ZipModifier;把硬上限当熔断器,不要当安全
默认。
Usage Examples | 使用示例:
// Tighter preset for untrusted archives
BombProtection strict = new BombProtection(20, 100L * 1024 * 1024, 1000, 1, 50L * 1024 * 1024);
ZipOptions opts = ZipOptions.builder().bombProtection(strict).build();
- Since:
- JDK 25, opencode-base-io V1.0.4
- Author:
- Leon Soo www.LeonSoo.com
- See Also:
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final longHard upper bound formaxCompressionRatio. / 压缩比硬上限。static final intHard upper bound formaxEntryCount. / 条目数硬上限。static final intHard upper bound formaxNestingDepth. / 嵌套深度硬上限。static final longHard upper bound formaxSingleEntrySize(1 TiB). / 单条目字节硬上限(1 TiB)。static final longHard upper bound formaxTotalSize(1 TiB). / 解压总字节硬上限(1 TiB)。 -
Constructor Summary
ConstructorsConstructorDescriptionBombProtection(long maxCompressionRatio, long maxTotalSize, int maxEntryCount, int maxNestingDepth, long maxSingleEntrySize) Canonical constructor with hard-bound enforcement on both ends. -
Method Summary
Modifier and TypeMethodDescriptionstatic BombProtectiondefaults()Default thresholds matching the historicalZipOptionsdefaults.final booleanIndicates whether some other object is "equal to" this one.final inthashCode()Returns a hash code value for this object.longReturns the value of themaxCompressionRatiorecord component.intReturns the value of themaxEntryCountrecord component.intReturns the value of themaxNestingDepthrecord component.longReturns the value of themaxSingleEntrySizerecord component.longReturns the value of themaxTotalSizerecord component.final StringtoString()Returns a string representation of this record class.
-
Field Details
-
HARD_MAX_COMPRESSION_RATIO
public static final long HARD_MAX_COMPRESSION_RATIOHard upper bound formaxCompressionRatio. / 压缩比硬上限。- See Also:
-
HARD_MAX_TOTAL_SIZE
public static final long HARD_MAX_TOTAL_SIZEHard upper bound formaxTotalSize(1 TiB). / 解压总字节硬上限(1 TiB)。- See Also:
-
HARD_MAX_ENTRY_COUNT
public static final int HARD_MAX_ENTRY_COUNTHard upper bound formaxEntryCount. / 条目数硬上限。- See Also:
-
HARD_MAX_NESTING_DEPTH
public static final int HARD_MAX_NESTING_DEPTHHard upper bound formaxNestingDepth. / 嵌套深度硬上限。- See Also:
-
HARD_MAX_SINGLE_ENTRY_SIZE
public static final long HARD_MAX_SINGLE_ENTRY_SIZEHard upper bound formaxSingleEntrySize(1 TiB). / 单条目字节硬上限(1 TiB)。- See Also:
-
-
Constructor Details
-
BombProtection
public BombProtection(long maxCompressionRatio, long maxTotalSize, int maxEntryCount, int maxNestingDepth, long maxSingleEntrySize) Canonical constructor with hard-bound enforcement on both ends. Non-positive values (including0) raiseIllegalArgumentExceptionrather than silently falling back to defaults — a misconfiguration likemaxCompressionRatio: 0(intent: disable; effect under the old contract: silently apply 100) hides bugs at the edge where they are most expensive to find. Values above theHARD_MAX_*ceiling also throw, so attacker-controlled config (Spring property binding, JSON, env vars) cannot pretend-to- disable bomb protection by passingLong.MAX_VALUE, and legitimate callers above the cap fail loudly at startup rather than silently running at a different threshold than they configured. Usedefaults()when you want defaults. 规范构造器:两端硬约束。非正值(含0)抛IllegalArgumentException,不再静默 回退默认 —— 类似maxCompressionRatio: 0(意图禁用,旧契约下静默装成 100)的配置错误 应在边界报响。超过HARD_MAX_*上限同样抛出:攻击者通过外部配置(Spring 属性绑定、 JSON、环境变量)传Long.MAX_VALUE不能静默放过;合法调用方超上限也会启动期失败, 不会以与配置不符的阈值静默运行。需要默认值时使用defaults()。- Throws:
IllegalArgumentException- when any value is non-positive or exceeds its correspondingHARD_MAX_*ceiling | 任一值非正或超过对应HARD_MAX_*上限时抛出
-
-
Method Details
-
defaults
Default thresholds matching the historicalZipOptionsdefaults. 与历史ZipOptions缺省值一致的默认阈值组。- Returns:
- canonical defaults | 规范默认值
-
toString
-
hashCode
-
equals
Indicates whether some other object is "equal to" this one. The objects are equal if the other object is of the same class and if all the record components are equal. All components in this record class are compared with thecomparemethod from their corresponding wrapper classes. -
maxCompressionRatio
public long maxCompressionRatio()Returns the value of themaxCompressionRatiorecord component.- Returns:
- the value of the
maxCompressionRatiorecord component
-
maxTotalSize
public long maxTotalSize()Returns the value of themaxTotalSizerecord component.- Returns:
- the value of the
maxTotalSizerecord component
-
maxEntryCount
public int maxEntryCount()Returns the value of themaxEntryCountrecord component.- Returns:
- the value of the
maxEntryCountrecord component
-
maxNestingDepth
public int maxNestingDepth()Returns the value of themaxNestingDepthrecord component.- Returns:
- the value of the
maxNestingDepthrecord component
-
maxSingleEntrySize
public long maxSingleEntrySize()Returns the value of themaxSingleEntrySizerecord component.- Returns:
- the value of the
maxSingleEntrySizerecord component
-