ZipPathValidator

public final class ZipPathValidator
extends Object

java.lang.Object
   ↳ dalvik.system.ZipPathValidator


Enables validation of zip file entry paths to prevent exploitation of the path traversal vulnerability, e.g. zip path entries containing ".." or "/". For more details, read this.

The default implementation accepts all zip file entry paths without raising any exceptions.

For custom validation rules, the core functionality should be implemented in a Callback interface and that instance should be set in setCallback(dalvik.system.ZipPathValidator.Callback).

Existing validation could be set to a default one by calling clearCallback().

Summary

Nested classes

interface ZipPathValidator.Callback

Interface that defines the core validation mechanism when accessing zip file entry paths. 

Public methods

static void clearCallback()

Clears the current validation mechanism by setting the current callback instance to a default validation.

static void setCallback(ZipPathValidator.Callback callback)

Sets the current callback implementation for zip paths.

Inherited methods

Object clone()

Creates and returns a copy of this object.

boolean equals(Object obj)

Indicates whether some other object is "equal to" this one.

void finalize()

Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.

final Class<?> getClass()

Returns the runtime class of this Object.

int hashCode()

Returns a hash code value for the object.

final void notify()

Wakes up a single thread that is waiting on this object's monitor.

final void notifyAll()

Wakes up all threads that are waiting on this object's monitor.

String toString()

Returns a string representation of the object.

final void wait(long timeoutMillis, int nanos)

Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.

final void wait(long timeoutMillis)

Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.

final void wait()

Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

Public methods

clearCallback

Added in API level 34
public static void clearCallback ()

Clears the current validation mechanism by setting the current callback instance to a default validation.

setCallback

Added in API level 34
public static void setCallback (ZipPathValidator.Callback callback)

Sets the current callback implementation for zip paths.

The provided callback should not perform IO or any blocking operations, but only perform path validation. A typical implementation will validate String entries in a single pass and throw a ZipException if the path contains potentially hazardous components such as "..".

Parameters
callback ZipPathValidator.Callback: An instance of Callback's implementation. This value cannot be null.