Added in API level 34
ZipPathValidator
public
final
class
ZipPathValidator
extends Object
| java.lang.Object | |
| ↳ | dalvik.system.ZipPathValidator |
Enables validation of zip file entry paths to prevent exploitation of the path traversal vulnerability, e.g. zip path entries containing ".." or "/". For more details, read this.
The default implementation accepts all zip file entry paths without raising any exceptions.
For custom validation rules, the core functionality should be implemented in a Callback
interface and that instance should be set in setCallback(dalvik.system.ZipPathValidator.Callback).
Existing validation could be set to a default one by calling clearCallback().
Summary
Nested classes | |
|---|---|
interface |
ZipPathValidator.Callback
Interface that defines the core validation mechanism when accessing zip file entry paths. |
Public methods | |
|---|---|
static
void
|
clearCallback()
Clears the current validation mechanism by setting the current callback instance to a default validation. |
static
void
|
setCallback(ZipPathValidator.Callback callback)
Sets the current callback implementation for zip paths. |
Inherited methods | |
|---|---|
Public methods
clearCallback
Added in API level 34
public static void clearCallback ()
Clears the current validation mechanism by setting the current callback instance to a default validation.
setCallback
Added in API level 34
public static void setCallback (ZipPathValidator.Callback callback)
Sets the current callback implementation for zip paths.
The provided callback should not perform IO or any blocking operations, but only perform path
validation. A typical implementation will validate String entries in a single pass and throw
a ZipException if the path contains potentially hazardous components such as "..".
| Parameters | |
|---|---|
callback |
ZipPathValidator.Callback: An instance of Callback's implementation.
This value cannot be null. |
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2025-02-10 UTC.
[null,null,["Last updated 2025-02-10 UTC."],[],[],null,["# ZipPathValidator\n\nAdded in [API level 34](/guide/topics/manifest/uses-sdk-element#ApiLevels) \nSummary: [Nested Classes](#nestedclasses) \\| [Methods](#pubmethods) \\| [Inherited Methods](#inhmethods) \n\nZipPathValidator\n================\n\n\n`\npublic\n\nfinal\n\nclass\nZipPathValidator\n`\n\n\n`\n\nextends `[Object](/reference/java/lang/Object)`\n\n\n`\n\n`\n\n\n`\n\n|---|--------------------------------|\n| [java.lang.Object](/reference/java/lang/Object) ||\n| ↳ | dalvik.system.ZipPathValidator |\n\n\u003cbr /\u003e\n\n*** ** * ** ***\n\nEnables validation of zip file entry paths to prevent exploitation of the path traversal\nvulnerability, e.g. zip path entries containing \"..\" or \"/\". For more details, read\n[this](https://developer.android.com/topic/security/risks/zip-path-traversal).\n\n\nThe default implementation accepts all zip file entry paths without raising any exceptions.\n\n\nFor custom validation rules, the core functionality should be implemented in a [Callback](/reference/dalvik/system/ZipPathValidator.Callback)\ninterface and that instance should be set in [setCallback(dalvik.system.ZipPathValidator.Callback)](/reference/dalvik/system/ZipPathValidator#setCallback(dalvik.system.ZipPathValidator.Callback)).\n\n\nExisting validation could be set to a default one by calling [clearCallback()](/reference/dalvik/system/ZipPathValidator#clearCallback()).\n\nSummary\n-------\n\n| ### Nested classes ||\n|--------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| ` interface` | [ZipPathValidator.Callback](/reference/dalvik/system/ZipPathValidator.Callback) Interface that defines the core validation mechanism when accessing zip file entry paths. |\n\n| ### Public methods ||\n|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| ` static void` | ` `[clearCallback](/reference/dalvik/system/ZipPathValidator#clearCallback())`() ` Clears the current validation mechanism by setting the current callback instance to a default validation. |\n| ` static void` | ` `[setCallback](/reference/dalvik/system/ZipPathValidator#setCallback(dalvik.system.ZipPathValidator.Callback))`(`[ZipPathValidator.Callback](/reference/dalvik/system/ZipPathValidator.Callback)` callback) ` Sets the current callback implementation for zip paths. |\n\n| ### Inherited methods |\n|-----------------------|---|\n| From class ` `[java.lang.Object](/reference/java/lang/Object)` ` |---------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | ` `[Object](/reference/java/lang/Object) | ` `[clone](/reference/java/lang/Object#clone())`() ` Creates and returns a copy of this object. | | ` boolean` | ` `[equals](/reference/java/lang/Object#equals(java.lang.Object))`(`[Object](/reference/java/lang/Object)` obj) ` Indicates whether some other object is \"equal to\" this one. | | ` void` | ` `[finalize](/reference/java/lang/Object#finalize())`() ` Called by the garbage collector on an object when garbage collection determines that there are no more references to the object. | | ` final `[Class](/reference/java/lang/Class)`\u003c?\u003e` | ` `[getClass](/reference/java/lang/Object#getClass())`() ` Returns the runtime class of this `Object`. | | ` int` | ` `[hashCode](/reference/java/lang/Object#hashCode())`() ` Returns a hash code value for the object. | | ` final void` | ` `[notify](/reference/java/lang/Object#notify())`() ` Wakes up a single thread that is waiting on this object's monitor. | | ` final void` | ` `[notifyAll](/reference/java/lang/Object#notifyAll())`() ` Wakes up all threads that are waiting on this object's monitor. | | ` `[String](/reference/java/lang/String) | ` `[toString](/reference/java/lang/Object#toString())`() ` Returns a string representation of the object. | | ` final void` | ` `[wait](/reference/java/lang/Object#wait(long,%20int))`(long timeoutMillis, int nanos) ` Causes the current thread to wait until it is awakened, typically by being *notified* or *interrupted*, or until a certain amount of real time has elapsed. | | ` final void` | ` `[wait](/reference/java/lang/Object#wait(long))`(long timeoutMillis) ` Causes the current thread to wait until it is awakened, typically by being *notified* or *interrupted*, or until a certain amount of real time has elapsed. | | ` final void` | ` `[wait](/reference/java/lang/Object#wait())`() ` Causes the current thread to wait until it is awakened, typically by being *notified* or *interrupted*. | ||\n\nPublic methods\n--------------\n\n### clearCallback\n\nAdded in [API level 34](/guide/topics/manifest/uses-sdk-element#ApiLevels) \n\n```\npublic static void clearCallback ()\n```\n\nClears the current validation mechanism by setting the current callback instance to a default\nvalidation.\n\n\u003cbr /\u003e\n\n### setCallback\n\nAdded in [API level 34](/guide/topics/manifest/uses-sdk-element#ApiLevels) \n\n```\npublic static void setCallback (ZipPathValidator.Callback callback)\n```\n\nSets the current callback implementation for zip paths.\n\n\nThe provided callback should not perform IO or any blocking operations, but only perform path\nvalidation. A typical implementation will validate String entries in a single pass and throw\na [ZipException](/reference/java/util/zip/ZipException) if the path contains potentially hazardous components such as \"..\".\n\n\u003cbr /\u003e\n\n| Parameters ||\n|------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `callback` | `ZipPathValidator.Callback`: An instance of [Callback](/reference/dalvik/system/ZipPathValidator.Callback)'s implementation. This value cannot be `null`. \u003cbr /\u003e |"]]