List of usage examples for org.apache.poi.openxml4j.util ZipSecureFile setMinInflateRatio
public static void setMinInflateRatio(double ratio)
From source file:com.github.ukase.service.XlsxRenderer.java
License:Open Source License
@Autowired public XlsxRenderer(ResourceProvider provider) { this.provider = provider; // for some xlsx-files default secure ratio can cause IOException "Zip bomb detected!" // for more information see ZipSecureFile:advance ZipSecureFile.setMinInflateRatio(0.005d); }
From source file:de.jlo.talendcomp.excel.SpreadsheetFile.java
License:Apache License
public void initializeWorkbook() throws Exception { if (inputFile != null) { // open existing files if (currentType == SpreadsheetTyp.XLS) { if (readPassword != null) { try { // switch on decryption Biff8EncryptionKey.setCurrentUserPassword(readPassword); FileInputStream fin = new FileInputStream(inputFile); workbook = new HSSFWorkbook(fin); fin.close();/*from w w w . ja v a 2 s.c o m*/ } finally { // switch off Biff8EncryptionKey.setCurrentUserPassword(null); readPassword = null; } } else { FileInputStream fin = new FileInputStream(inputFile); workbook = new HSSFWorkbook(fin); fin.close(); } } else if (currentType == SpreadsheetTyp.XLSX) { if (createStreamingXMLWorkbook) { FileInputStream fin = new FileInputStream(inputFile); try { ZipSecureFile.setMinInflateRatio(0); workbook = new SXSSFWorkbook(new XSSFWorkbook(fin), rowAccessWindow); } finally { if (fin != null) { try { fin.close(); } catch (IOException ioe) { // ignore } } } } else { if (readPassword != null) { FileInputStream fin = new FileInputStream(inputFile); POIFSFileSystem filesystem = new POIFSFileSystem(fin); EncryptionInfo info = new EncryptionInfo(filesystem); Decryptor d = Decryptor.getInstance(info); InputStream dataStream = null; try { if (!d.verifyPassword(readPassword)) { throw new Exception( "Unable to process: document is encrypted and given password does not match!"); } // decrypt dataStream = d.getDataStream(filesystem); // use open input stream workbook = new XSSFWorkbook(dataStream); dataStream.close(); } catch (GeneralSecurityException ex) { throw new Exception("Unable to read and parse encrypted document", ex); } finally { if (dataStream != null) { try { dataStream.close(); } catch (IOException ioe) { // ignore } } if (fin != null) { try { fin.close(); } catch (IOException ioe) { // ignore } } } readPassword = null; } else { FileInputStream fin = new FileInputStream(inputFile); try { workbook = new XSSFWorkbook(fin); } finally { if (fin != null) { try { fin.close(); } catch (IOException ioe) { // ignore } } } } } } } else { // create new workbooks if (currentType == SpreadsheetTyp.XLS) { workbook = new HSSFWorkbook(); } else if (currentType == SpreadsheetTyp.XLSX) { if (createStreamingXMLWorkbook) { workbook = new SXSSFWorkbook(new XSSFWorkbook(), rowAccessWindow); } else { workbook = new XSSFWorkbook(); } } } setupDataFormatStyle(); }
From source file:org.pentaho.di.trans.steps.excelinput.ExcelInput.java
License:Apache License
/** * This method is responsible for setting the configuration values that control how the ZipSecureFile class behaves * when trying to detect zipbombs (check PDI-17586 for more details). *//*from w ww.j a va 2 s. c o m*/ protected void setZipBombConfiguration() { // The minimum allowed ratio between de- and inflated bytes to detect a zipbomb. String minInflateRatioVariable = EnvUtil.getSystemProperty(Const.KETTLE_ZIP_MIN_INFLATE_RATIO, Const.KETTLE_ZIP_MIN_INFLATE_RATIO_DEFAULT_STRING); double minInflateRatio; try { minInflateRatio = Double.parseDouble(minInflateRatioVariable); } catch (NullPointerException | NumberFormatException e) { minInflateRatio = Const.KETTLE_ZIP_MIN_INFLATE_RATIO_DEFAULT; } ZipSecureFile.setMinInflateRatio(minInflateRatio); // The maximum file size of a single zip entry. String maxEntrySizeVariable = EnvUtil.getSystemProperty(Const.KETTLE_ZIP_MAX_ENTRY_SIZE, Const.KETTLE_ZIP_MAX_ENTRY_SIZE_DEFAULT_STRING); long maxEntrySize; try { maxEntrySize = Long.parseLong(maxEntrySizeVariable); } catch (NullPointerException | NumberFormatException e) { maxEntrySize = Const.KETTLE_ZIP_MAX_ENTRY_SIZE_DEFAULT; } ZipSecureFile.setMaxEntrySize(maxEntrySize); // The maximum number of characters of text that are extracted before an exception is thrown during extracting // text from documents. String maxTextSizeVariable = EnvUtil.getSystemProperty(Const.KETTLE_ZIP_MAX_TEXT_SIZE, Const.KETTLE_ZIP_MAX_TEXT_SIZE_DEFAULT_STRING); long maxTextSize; try { maxTextSize = Long.parseLong(maxTextSizeVariable); } catch (NullPointerException | NumberFormatException e) { maxTextSize = Const.KETTLE_ZIP_MAX_TEXT_SIZE_DEFAULT; } ZipSecureFile.setMaxTextSize(maxTextSize); }
From source file:org.pentaho.di.trans.steps.excelinput.ExcelInputContentParsingTest.java
License:Apache License
@Test public void testZipBombConfiguration_Default() throws Exception { // First set some random values Long bogusMaxEntrySize = 1000L; ZipSecureFile.setMaxEntrySize(bogusMaxEntrySize); Long bogusMaxTextSize = 1000L; ZipSecureFile.setMaxTextSize(bogusMaxTextSize); Double bogusMinInflateRatio = 0.5d; ZipSecureFile.setMinInflateRatio(bogusMinInflateRatio); // Verify that the bogus values were set assertEquals(bogusMaxEntrySize, (Long) ZipSecureFile.getMaxEntrySize()); assertEquals(bogusMaxTextSize, (Long) ZipSecureFile.getMaxTextSize()); assertEquals(bogusMinInflateRatio, (Double) ZipSecureFile.getMinInflateRatio()); // Initializing the ExcelInput step should make the new values to be set meta.setSpreadSheetType(SpreadSheetType.SAX_POI); init("Balance_Type_Codes.xlsx"); // Verify that the default values were used assertEquals(Const.KETTLE_ZIP_MAX_ENTRY_SIZE_DEFAULT, (Long) ZipSecureFile.getMaxEntrySize()); assertEquals(Const.KETTLE_ZIP_MAX_TEXT_SIZE_DEFAULT, (Long) ZipSecureFile.getMaxTextSize()); assertEquals(Const.KETTLE_ZIP_MIN_INFLATE_RATIO_DEFAULT, (Double) ZipSecureFile.getMinInflateRatio()); }