rspec/rules/S5042/description.adoc
2020-12-21 15:38:52 +01:00

Zip bomb attacks succeed when an application expands untrusted archive files without controlling the size of the expanded data, which can lead to denial of service. A Zip bomb is usually a malicious archive file containing a few kilobytes of compressed data that expands into gigabytes of uncompressed data. To achieve this extreme https://en.wikipedia.org/wiki/Data_compression_ratio[compression ratio], attackers compress irrelevant data (e.g. a long string of repeated bytes).
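One way to control the size of the expanded data, shown as an added example that is not part of the rule description or the project's code: the entry count, per-entry compression ratio and total expanded bytes are capped, and the byte cap is enforced while streaming. The limit values and the names `safe_read_zip`, `make_zip` and `ArchiveTooLarge` are assumptions chosen for illustration.

```python
import io
import zipfile

MAX_ENTRIES = 1000             # assumed limits; tune per application
MAX_TOTAL_BYTES = 1024 * 1024  # 1 MiB of expanded data across the archive
MAX_RATIO = 100                # declared expanded / compressed size, per entry
CHUNK = 64 * 1024


class ArchiveTooLarge(Exception):
    """Raised when an archive exceeds one of the expansion limits."""


def safe_read_zip(data: bytes) -> dict[str, bytes]:
    """Expand an in-memory ZIP, enforcing the limits while streaming."""
    out: dict[str, bytes] = {}
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:
            raise ArchiveTooLarge("too many entries")
        for info in infos:
            # Declared sizes come from the archive itself and can be falsified:
            # use them for early rejection only; the counter below is the control.
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveTooLarge(f"{info.filename}: ratio too high")
            buf = bytearray()
            with zf.open(info) as src:
                while chunk := src.read(CHUNK):
                    total += len(chunk)
                    if total > MAX_TOTAL_BYTES:
                        raise ArchiveTooLarge("expanded size limit exceeded")
                    buf += chunk
            out[info.filename] = bytes(buf)
    return out


def make_zip(entries: dict[str, bytes], stored: bool = False) -> bytes:
    """Build a constructed sample archive in memory for exercising the limits."""
    bio = io.BytesIO()
    mode = zipfile.ZIP_STORED if stored else zipfile.ZIP_DEFLATED
    with zipfile.ZipFile(bio, "w", mode) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return bio.getvalue()
```

Nested archives are not expanded here; an application that unpacks them recursively needs the same counters shared across every level.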