ZipPathValidator
class ZipPathValidator
Enables validation of zip file entry paths to prevent exploitation of the path traversal vulnerability, e.g. zip path entries containing ".." or "/". For more details, read this.
The default implementation accepts all zip file entry paths without raising any exceptions.
For custom validation rules, the core functionality should be implemented in a Callback interface and that instance should be set in setCallback(dalvik.system.ZipPathValidator.Callback).
Existing validation could be set to a default one by calling clearCallback().
Summary
| Nested classes | |
|---|---|
| abstract |
Interface that defines the core validation mechanism when accessing zip file entry paths. |
| Public methods | |
|---|---|
| static Unit |
Clears the current validation mechanism by setting the current callback instance to a default validation. |
| static Unit |
setCallback(callback: ZipPathValidator.Callback)Sets the current callback implementation for zip paths. |
Public methods
clearCallback
static fun clearCallback(): Unit
Clears the current validation mechanism by setting the current callback instance to a default validation.
setCallback
static fun setCallback(callback: ZipPathValidator.Callback): Unit
Sets the current callback implementation for zip paths.
The provided callback should not perform IO or any blocking operations, but only perform path validation. A typical implementation will validate String entries in a single pass and throw a ZipException if the path contains potentially hazardous components such as "..".
| Parameters | |
|---|---|
callback |
ZipPathValidator.Callback: An instance of Callback's implementation. This value cannot be null. |