11 lines
635 B
Plaintext
11 lines
635 B
Plaintext
=== on 24 May 2018, 13:51:37 Alexandre Gigleux wrote:
|
|
Related and not fully linked to this RSPEC
|
|
|
|
Using https://commons.apache.org/proper/commons-compress/[Apache Common Compress] 1.17 and it's new ``++InputStreamStatistics++`` can help to detect abnormally high compression ratios that may indicate a ZIP bomb during decompression as described in https://wiki.sei.cmu.edu/confluence/display/java/IDS04-J.+Safely+extract+files+from+ZipInputStream[CERT, IDS04-J.]
|
|
|
|
|
|
|
|
=== on 26 Nov 2018, 17:48:21 Michael Gumowski wrote:
|
|
Dropping the rule from SonarWay, as 1st implementation is not reaching sufficient quality when looking at results.
|
|
|