org.apache.poi.openxml4j.util.ZipSecureFile Java Examples

The following examples show how to use org.apache.poi.openxml4j.util.ZipSecureFile. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ExcelInputContentParsingTest.java    From hop with Apache License 2.0 6 votes vote down vote up
@Test
public void testZipBombConfiguration_Default() throws Exception {

  // First set some random values
  Long bogusMaxEntrySize = 1000L;
  ZipSecureFile.setMaxEntrySize( bogusMaxEntrySize );
  Long bogusMaxTextSize = 1000L;
  ZipSecureFile.setMaxTextSize( bogusMaxTextSize );
  Double bogusMinInflateRatio = 0.5d;
  ZipSecureFile.setMinInflateRatio( bogusMinInflateRatio );

  // Verify that the bogus values were set
  assertEquals( bogusMaxEntrySize, (Long) ZipSecureFile.getMaxEntrySize() );
  assertEquals( bogusMaxTextSize, (Long) ZipSecureFile.getMaxTextSize() );
  assertEquals( bogusMinInflateRatio, (Double) ZipSecureFile.getMinInflateRatio() );

  // Initializing the ExcelInput transform should make the new values to be set
  meta.setSpreadSheetType( SpreadSheetType.SAX_POI );
  init( "Balance_Type_Codes.xlsx" );

  // Verify that the default values were used
  assertEquals( Const.HOP_ZIP_MAX_ENTRY_SIZE_DEFAULT, (Long) ZipSecureFile.getMaxEntrySize() );
  assertEquals( Const.HOP_ZIP_MAX_TEXT_SIZE_DEFAULT, (Long) ZipSecureFile.getMaxTextSize() );
  assertEquals( Const.HOP_ZIP_MIN_INFLATE_RATIO_DEFAULT, (Double) ZipSecureFile.getMinInflateRatio() );
}
 
Example #2
Source File: ExcelInputContentParsingTest.java    From hop with Apache License 2.0 6 votes vote down vote up
@Test
public void testZipBombConfiguration() throws Exception {
  Long maxEntrySizeVal = 3L * 1024 * 1024 * 1024;
  Long maxTextSizeVal = 2L * 1024 * 1024 * 1024;
  Double minInflateRatioVal = 0.123d;

  // First set the property values
  System.setProperty( Const.HOP_ZIP_MAX_ENTRY_SIZE, maxEntrySizeVal.toString() );
  System.setProperty( Const.HOP_ZIP_MAX_TEXT_SIZE, maxTextSizeVal.toString() );
  System.setProperty( Const.HOP_ZIP_MIN_INFLATE_RATIO, minInflateRatioVal.toString() );
  //ExcelInput excelInput = new ExcelInput( null, null, 0, null, null );

  // Initializing the ExcelInput transform should make the new values to be set

  meta.setSpreadSheetType( SpreadSheetType.SAX_POI );
  init( "Balance_Type_Codes.xlsx" );

  // Verify that the setted values were used
  assertEquals( maxEntrySizeVal, (Long) ZipSecureFile.getMaxEntrySize() );
  assertEquals( maxTextSizeVal, (Long) ZipSecureFile.getMaxTextSize() );
  assertEquals( minInflateRatioVal, (Double) ZipSecureFile.getMinInflateRatio() );
}
 
Example #3
Source File: ExcelInputContentParsingTest.java    From hop with Apache License 2.0 6 votes vote down vote up
@Test
public void testXLSXCompressionRatioIsBig() throws Exception {

  // For this zip to be correctly handed, we need to allow a lower inflate ratio
  Double minInflateRatio = 0.007d;
  System.setProperty( Const.HOP_ZIP_MIN_INFLATE_RATIO, minInflateRatio.toString() );

  meta.setSpreadSheetType( SpreadSheetType.SAX_POI );
  init( "Balance_Type_Codes.xlsx" );

  // Verify that the minimum allowed inflate ratio is the expected
  assertEquals( minInflateRatio, (Double) ZipSecureFile.getMinInflateRatio() );

  setFields( new ExcelInputField( "FIST ID", -1, -1 ), new ExcelInputField( "SOURCE SYSTEM", -1, -1 ) );

  process();

  checkErrors();
  checkContent( new Object[][] { { "FIST0200", "ACM" } } );
}
 
Example #4
Source File: ExcelInputContentParsingTest.java    From hop with Apache License 2.0 6 votes vote down vote up
@Test
public void testZipBombConfiguration_Default() throws Exception {

  // First set some random values
  Long bogusMaxEntrySize = 1000L;
  ZipSecureFile.setMaxEntrySize( bogusMaxEntrySize );
  Long bogusMaxTextSize = 1000L;
  ZipSecureFile.setMaxTextSize( bogusMaxTextSize );
  Double bogusMinInflateRatio = 0.5d;
  ZipSecureFile.setMinInflateRatio( bogusMinInflateRatio );

  // Verify that the bogus values were set
  assertEquals( bogusMaxEntrySize, (Long) ZipSecureFile.getMaxEntrySize() );
  assertEquals( bogusMaxTextSize, (Long) ZipSecureFile.getMaxTextSize() );
  assertEquals( bogusMinInflateRatio, (Double) ZipSecureFile.getMinInflateRatio() );

  // Initializing the ExcelInput transform should make the new values to be set
  meta.setSpreadSheetType( SpreadSheetType.SAX_POI );
  init( "Balance_Type_Codes.xlsx" );

  // Verify that the default values were used
  assertEquals( Const.HOP_ZIP_MAX_ENTRY_SIZE_DEFAULT, (Long) ZipSecureFile.getMaxEntrySize() );
  assertEquals( Const.HOP_ZIP_MAX_TEXT_SIZE_DEFAULT, (Long) ZipSecureFile.getMaxTextSize() );
  assertEquals( Const.HOP_ZIP_MIN_INFLATE_RATIO_DEFAULT, (Double) ZipSecureFile.getMinInflateRatio() );
}
 
Example #5
Source File: ExcelInputContentParsingTest.java    From hop with Apache License 2.0 6 votes vote down vote up
@Test
public void testZipBombConfiguration() throws Exception {
  Long maxEntrySizeVal = 3L * 1024 * 1024 * 1024;
  Long maxTextSizeVal = 2L * 1024 * 1024 * 1024;
  Double minInflateRatioVal = 0.123d;

  // First set the property values
  System.setProperty( Const.HOP_ZIP_MAX_ENTRY_SIZE, maxEntrySizeVal.toString() );
  System.setProperty( Const.HOP_ZIP_MAX_TEXT_SIZE, maxTextSizeVal.toString() );
  System.setProperty( Const.HOP_ZIP_MIN_INFLATE_RATIO, minInflateRatioVal.toString() );
  //ExcelInput excelInput = new ExcelInput( null, null, 0, null, null );

  // Initializing the ExcelInput transform should make the new values to be set

  meta.setSpreadSheetType( SpreadSheetType.SAX_POI );
  init( "Balance_Type_Codes.xlsx" );

  // Verify that the setted values were used
  assertEquals( maxEntrySizeVal, (Long) ZipSecureFile.getMaxEntrySize() );
  assertEquals( maxTextSizeVal, (Long) ZipSecureFile.getMaxTextSize() );
  assertEquals( minInflateRatioVal, (Double) ZipSecureFile.getMinInflateRatio() );
}
 
Example #6
Source File: ExcelInputContentParsingTest.java    From hop with Apache License 2.0 6 votes vote down vote up
@Test
public void testXLSXCompressionRatioIsBig() throws Exception {

  // For this zip to be correctly handed, we need to allow a lower inflate ratio
  Double minInflateRatio = 0.007d;
  System.setProperty( Const.HOP_ZIP_MIN_INFLATE_RATIO, minInflateRatio.toString() );

  meta.setSpreadSheetType( SpreadSheetType.SAX_POI );
  init( "Balance_Type_Codes.xlsx" );

  // Verify that the minimum allowed inflate ratio is the expected
  assertEquals( minInflateRatio, (Double) ZipSecureFile.getMinInflateRatio() );

  setFields( new ExcelInputField( "FIST ID", -1, -1 ), new ExcelInputField( "SOURCE SYSTEM", -1, -1 ) );

  process();

  checkErrors();
  checkContent( new Object[][] { { "FIST0200", "ACM" } } );
}
 
Example #7
Source File: POIUtils.java    From FEBS-Security with Apache License 2.0 6 votes vote down vote up
static void writeByLocalOrBrowser(HttpServletResponse response, String fileName, SXSSFWorkbook wb, OutputStream out) {
    try {
        ZipSecureFile.setMinInflateRatio(0L);
        if (response != null) {
            // response对象不为空,响应到浏览器下载
            response.setContentType(FebsConstant.XLSX_CONTENT_TYPE);
            response.setHeader("Content-disposition", "attachment; filename="
                    + URLEncoder.encode(String.format("%s%s", fileName, FebsConstant.XLSX_SUFFIX), "UTF-8"));
            if (out == null) {
                out = response.getOutputStream();
            }
        }
        wb.write(out);
        out.flush();
        out.close();
    } catch (Exception e) {
        log.error(e.getMessage());
    }

}
 
Example #8
Source File: ExcelInputContentParsingTest.java    From pentaho-kettle with Apache License 2.0 6 votes vote down vote up
@Test
public void testZipBombConfiguration_Default() throws Exception {

  // First set some random values
  Long bogusMaxEntrySize = 1000L;
  ZipSecureFile.setMaxEntrySize( bogusMaxEntrySize );
  Long bogusMaxTextSize = 1000L;
  ZipSecureFile.setMaxTextSize( bogusMaxTextSize );
  Double bogusMinInflateRatio = 0.5d;
  ZipSecureFile.setMinInflateRatio( bogusMinInflateRatio );

  // Verify that the bogus values were set
  assertEquals( bogusMaxEntrySize, (Long) ZipSecureFile.getMaxEntrySize() );
  assertEquals( bogusMaxTextSize, (Long) ZipSecureFile.getMaxTextSize() );
  assertEquals( bogusMinInflateRatio, (Double) ZipSecureFile.getMinInflateRatio() );

  // Initializing the ExcelInput step should make the new values to be set
  meta.setSpreadSheetType( SpreadSheetType.SAX_POI );
  System.setProperty( Const.KETTLE_XLSX_ZIP_BOMB_CHECK, Boolean.TRUE.toString() );
  init( "Balance_Type_Codes.xlsx" );

  // Verify that the default values were used
  assertEquals( Const.KETTLE_ZIP_MAX_ENTRY_SIZE_DEFAULT, (Long) ZipSecureFile.getMaxEntrySize() );
  assertEquals( Const.KETTLE_ZIP_MAX_TEXT_SIZE_DEFAULT, (Long) ZipSecureFile.getMaxTextSize() );
  assertEquals( Const.KETTLE_ZIP_MIN_INFLATE_RATIO_DEFAULT, (Double) ZipSecureFile.getMinInflateRatio() );
}
 
Example #9
Source File: ExcelInputContentParsingTest.java    From pentaho-kettle with Apache License 2.0 6 votes vote down vote up
@Test
public void testZipBombConfiguration_CheckDisabled() throws Exception {

  Double bogusMinInflateRatio = 0.5d;
  ZipSecureFile.setMinInflateRatio( bogusMinInflateRatio );

  // Verify the Min Inflate Ratio was set
  assertEquals( bogusMinInflateRatio, (Double) ZipSecureFile.getMinInflateRatio() );

  // Initializing the ExcelInput step should make the new values to be set
  meta.setSpreadSheetType( SpreadSheetType.SAX_POI );
  // Disabling the zip bomb checking property
  System.setProperty( Const.KETTLE_XLSX_ZIP_BOMB_CHECK, Boolean.FALSE.toString() );
  init( "Balance_Type_Codes.xlsx" );

  assertEquals( Const.KETTLE_ZIP_NEGATIVE_MIN_INFLATE, (Double) ZipSecureFile.getMinInflateRatio() );
}
 
Example #10
Source File: ExcelInputContentParsingTest.java    From pentaho-kettle with Apache License 2.0 6 votes vote down vote up
@Test
public void testZipBombConfiguration() throws Exception {
  Long maxEntrySizeVal = 3L * 1024 * 1024 * 1024;
  Long maxTextSizeVal = 2L * 1024 * 1024 * 1024;
  Double minInflateRatioVal = 0.123d;

  // First set the property values
  System.setProperty( Const.KETTLE_ZIP_MAX_ENTRY_SIZE, maxEntrySizeVal.toString() );
  System.setProperty( Const.KETTLE_ZIP_MAX_TEXT_SIZE, maxTextSizeVal.toString() );
  System.setProperty( Const.KETTLE_ZIP_MIN_INFLATE_RATIO, minInflateRatioVal.toString() );
  System.setProperty( Const.KETTLE_XLSX_ZIP_BOMB_CHECK, Boolean.TRUE.toString() );
  //ExcelInput excelInput = new ExcelInput( null, null, 0, null, null );

  // Initializing the ExcelInput step should make the new values to be set

  meta.setSpreadSheetType( SpreadSheetType.SAX_POI );
  init( "Balance_Type_Codes.xlsx" );

  // Verify that the setted values were used
  assertEquals( maxEntrySizeVal, (Long) ZipSecureFile.getMaxEntrySize() );
  assertEquals( maxTextSizeVal, (Long) ZipSecureFile.getMaxTextSize() );
  assertEquals( minInflateRatioVal, (Double) ZipSecureFile.getMinInflateRatio() );
}
 
Example #11
Source File: ExcelInputContentParsingTest.java    From pentaho-kettle with Apache License 2.0 6 votes vote down vote up
@Test
public void testXLSXCompressionRatioIsBig() throws Exception {

  // For this zip to be correctly handed, we need to allow a lower inflate ratio
  Double minInflateRatio = 0.007d;
  System.setProperty( Const.KETTLE_ZIP_MIN_INFLATE_RATIO, minInflateRatio.toString() );
  System.setProperty( Const.KETTLE_XLSX_ZIP_BOMB_CHECK, Boolean.TRUE.toString() );

  meta.setSpreadSheetType( SpreadSheetType.SAX_POI );
  init( "Balance_Type_Codes.xlsx" );

  // Verify that the minimum allowed inflate ratio is the expected
  assertEquals( minInflateRatio, (Double) ZipSecureFile.getMinInflateRatio() );

  setFields( new ExcelInputField( "FIST ID", -1, -1 ), new ExcelInputField( "SOURCE SYSTEM", -1, -1 ) );

  process();

  checkErrors();
  checkContent( new Object[][] { { "FIST0200", "ACM" } } );
}
 
Example #12
Source File: Issue329.java    From poi-tl with Apache License 2.0 5 votes vote down vote up
@SuppressWarnings("serial")
@Test
public void testDocxTemplateRender() throws Exception {

    // TimeUnit.SECONDS.sleep(20);

    Map<String, Object> datas = new HashMap<String, Object>() {
        {
            // 循环合并模板
            put("docx_template", new DocxRenderData(
                    new File("src/test/resources/template/render_include_merge_template.docx"), dataList));
        }
    };

    // Zip Bomb detected
    ZipSecureFile.setMinInflateRatio(-1.0d);

    XWPFTemplate template = XWPFTemplate.compile("src/test/resources/template/render_include.docx")
            .render(datas);

    template.writeToFile("out_issue_329.docx");

    //System.out.println("game over................");

    //TimeUnit.SECONDS.sleep(10);

}