ZipPathValidator
public
final
class
ZipPathValidator
extends Object
java.lang.Object | |
↳ | dalvik.system.ZipPathValidator |
Enables validation of zip file entry paths to prevent exploitation of the path traversal vulnerability, e.g. zip path entries containing ".." or "/". For more details, read this.
The default implementation accepts all zip file entry paths without raising any exceptions.
For custom validation rules, the core functionality should be implemented in a Callback
interface and that instance should be set in setCallback(dalvik.system.ZipPathValidator.Callback)
.
Existing validation could be set to a default one by calling clearCallback()
.
Summary
Nested classes | |
---|---|
interface |
ZipPathValidator.Callback
Interface that defines the core validation mechanism when accessing zip file entry paths. |
Public methods | |
---|---|
static
void
|
clearCallback()
Clears the current validation mechanism by setting the current callback instance to a default validation. |
static
void
|
setCallback(ZipPathValidator.Callback callback)
Sets the current callback implementation for zip paths. |
Inherited methods | |||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Public methods
clearCallback
public static void clearCallback ()
Clears the current validation mechanism by setting the current callback instance to a default validation.
setCallback
public static void setCallback (ZipPathValidator.Callback callback)
Sets the current callback implementation for zip paths.
The provided callback should not perform IO or any blocking operations, but only perform path
validation. A typical implementation will validate String entries in a single pass and throw
a ZipException
if the path contains potentially hazardous components such as "..".
Parameters | |
---|---|
callback |
ZipPathValidator.Callback : An instance of Callback 's implementation.
This value cannot be null . |