protected int copyZipEntryToTempFile()

in src/main/java/org/apache/sling/jcr/contentloader/internal/readers/ZipReader.java [204:237]


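    /**
     * Copies the current entry of {@code zis} into {@code tempFile} while enforcing the
     * configured archive thresholds (entry count, total uncompressed size, compression ratio).
     *
     * <p>Every limit is checked before or during the copy, so an oversized entry is rejected
     * as soon as the limit is crossed rather than after it has been fully written to disk.
     *
     * @param tempFile file that receives the uncompressed entry data
     * @param zis archive stream to read the entry data from; it is shielded so closing the
     *            local reader does not close it
     * @param entry the entry being read, consulted for its declared compressed size
     * @param totalSizeArchive uncompressed bytes accumulated for the archive before this entry
     * @param totalEntryArchive entry count for the archive, as tracked by the caller
     * @return the running total of uncompressed bytes including this entry
     * @throws IOException if a threshold is exceeded or reading/writing fails
     */
    protected int copyZipEntryToTempFile(File tempFile, ZipInputStream zis, ZipEntry entry, int totalSizeArchive,
            int totalEntryArchive) throws IOException {
        if (totalEntryArchive > thresholdEntries) {
            // too many entries in this archive, can lead to inodes exhaustion of the system;
            // checked up front so nothing is written for an archive that is already over the limit
            throw new IOException("The total entries count of the archive exceeded the allowed threshold");
        }

        // ZipEntry reports -1 when the compressed size is not known. The ratio cannot be
        // computed in that case, so the absolute size limit below is the effective guard.
        final long compressedSize = entry.getCompressedSize();
        final byte[] buffer = new byte[2048];
        // long accumulators: an int total could wrap negative and slip past the size check
        long entryBytes = 0;
        long archiveBytes = totalSizeArchive;

        // read the entry to a temp file so we can check the contents against
        //  the configured thresholds
        try (InputStream in = new BufferedInputStream(CloseShieldInputStream.wrap(zis));
                OutputStream out = new BufferedOutputStream(new FileOutputStream(tempFile))) {
            int nBytes;
            while ((nBytes = in.read(buffer)) > 0) {
                entryBytes += nBytes;
                archiveBytes += nBytes;

                if (compressedSize >= 0 && (double) entryBytes / compressedSize > thresholdRatio) {
                    // ratio between compressed and uncompressed data is highly suspicious, looks like a Zip Bomb Attack
                    throw new IOException("The compression ratio exceeded the allowed threshold");
                }

                if (archiveBytes > thresholdSize || archiveBytes > Integer.MAX_VALUE) {
                    // the uncompressed data size is too much for the application resource capacity;
                    // enforced per chunk so the temp file never grows past the limit
                    throw new IOException("The total size of the archive exceeded the allowed threshold");
                }

                out.write(buffer, 0, nBytes);
            }

            // covers an empty entry, where the loop body never runs
            if (archiveBytes > thresholdSize) {
                throw new IOException("The total size of the archive exceeded the allowed threshold");
            }
        }
        // safe narrowing: archiveBytes is bounded by Integer.MAX_VALUE above
        return (int) archiveBytes;
    }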