Comments (4)
How do you understand this warning?
In my honest opinion it's not related to zip_open. It's about how someone can compress, e.g., GB of zeros, which can end up as a very tiny zip archive but after unzipping is full of garbage.
So, be careful how/where you compress your data, but it's not related to this particular call.
Moreover, in your example you're compressing data, you're passing inFiles, so it's your app's responsibility to check whether these files are garbage or not.
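The check the comment above describes (an archive that is tiny on disk but inflates to gigabytes of zeros) has to live in the application that extracts, not in zip_open. The following is an added example, not code from this thread or from the zip library; it uses Python's standard-library zipfile module because the guard depends only on the archive format, and the size limits, entry names and sample archive are all constructed for the example.

```python
"""Guard against "zip bomb" archives before and during extraction.

Added example (not part of the original thread or of the kuba--/zip C
library). Two checks the extracting application should own:
  1. a cheap pre-check on the central directory (total size, ratio);
  2. a hard byte cap enforced while actually inflating, because the
     sizes recorded in the headers can be forged.
"""
import io
import zipfile

# Policy limits (constructed for this example; tune for your application).
MAX_TOTAL_UNCOMPRESSED = 50 * 1024 * 1024   # 50 MiB across the whole archive
MAX_RATIO = 100.0                           # uncompressed : compressed


def build_sample_archive(zero_bytes: int) -> bytes:
    """Construct a small archive holding a long run of zeros (the case the
    comment describes): highly compressible, so the file stays tiny."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", b"\0" * zero_bytes)
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()


def inspect_archive(data: bytes, max_total=MAX_TOTAL_UNCOMPRESSED,
                    max_ratio=MAX_RATIO):
    """Pre-extraction check from the central directory only (nothing is
    inflated). Returns (ok, total_uncompressed, worst_ratio).

    Cheap, but only as trustworthy as the headers, so pair it with
    extract_capped()."""
    total = 0
    worst = 0.0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            total += info.file_size
            # Avoid division by zero for empty entries.
            ratio = info.file_size / max(info.compress_size, 1)
            worst = max(worst, ratio)
    ok = total <= max_total and worst <= max_ratio
    return ok, total, worst


def extract_capped(data: bytes, name: str, max_bytes: int) -> bytes:
    """Inflate one entry while counting output bytes; abort as soon as the
    cap is exceeded instead of trusting info.file_size."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        with zf.open(name) as fh:
            while True:
                chunk = fh.read(64 * 1024)
                if not chunk:
                    break
                out += chunk
                if len(out) > max_bytes:
                    raise ValueError(
                        f"{name}: exceeded {max_bytes} bytes during extraction")
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample_archive(10 * 1024 * 1024)   # 10 MiB of zeros
    print("archive bytes on disk:", len(sample))
    print("pre-check (ok, total, worst ratio):", inspect_archive(sample))
    print("readme:", extract_capped(sample, "readme.txt", 1024))
    try:
        extract_capped(sample, "zeros.bin", 1024 * 1024)
    except ValueError as exc:
        print("refused:", exc)
```

The pre-check reads only the central directory, so it costs almost nothing and uses the same two per-entry fields (uncompressed and compressed size) that the C zip library exposes for each entry; the second function exists because those fields are attacker-controlled, so the byte count during inflation is the check that actually bounds memory and disk use.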
Yes, agree, and it is trusted data. I just wonder if I could do something from the zip_open() call, like passing a flag, to avoid the security hotspot warning.
No, because this warning is very informative/generic.
SonarQube didn't analyze the zip library, it just posted some info related to zip archives from its DB (the same stuff you can find for some PHP library: https://rules.sonarsource.com/php/RSPEC-5042).
I would recommend trying real static analysis tools, like Cppcheck, Infer, the Clang static analyzer or PVS-Studio.
Thank you, Kuba, I appreciate your input.