feat: custom zip reader implementation to fight tampering

fix(zip): use size info from CD if LFH entry is incorrect

refactor: move custom zip implementation into new module

feat: move ZipSecurity into jadx-zip module
Skylot
2025-02-23 20:51:28 +00:00
parent 5d720dd29c
commit d84f0389ec
54 changed files with 1557 additions and 514 deletions
@@ -15,7 +15,6 @@ import org.jetbrains.annotations.Nullable;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import jadx.api.plugins.utils.ZipSecurity;
import jadx.core.utils.files.FileUtils;
import jadx.plugins.tools.data.JadxPluginListCache;
import jadx.plugins.tools.data.JadxPluginMetadata;
@@ -24,6 +23,7 @@ import jadx.plugins.tools.resolvers.github.LocationInfo;
import jadx.plugins.tools.resolvers.github.data.Asset;
import jadx.plugins.tools.resolvers.github.data.Release;
import jadx.plugins.tools.utils.PluginUtils;
import jadx.zip.ZipReader;
import static jadx.core.utils.GsonUtils.buildGson;
import static jadx.plugins.tools.utils.PluginFiles.PLUGINS_LIST_CACHE;
@@ -125,14 +125,15 @@ public class JadxPluginsList {
private static List<JadxPluginMetadata> loadListBundle(Path tmpListFile) {
Gson gson = buildGson();
List<JadxPluginMetadata> entries = new ArrayList<>();
ZipSecurity.readZipEntries(tmpListFile.toFile(), (entry, in) -> {
new ZipReader().visitEntries(tmpListFile.toFile(), entry -> {
if (entry.getName().endsWith(".json")) {
try (Reader reader = new InputStreamReader(in)) {
try (Reader reader = new InputStreamReader(entry.getInputStream())) {
entries.addAll(gson.fromJson(reader, LIST_TYPE));
} catch (Exception e) {
throw new RuntimeException("Failed to read plugins list entry: " + entry.getName());
}
}
return null;
});
return entries;
}
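Review bot: The catch block inside the visitor lambda in `loadListBundle` rethrows without the caught exception, so whatever `entry.getInputStream()` or Gson reported is lost; pass it as the cause, `throw new RuntimeException("Failed to read plugins list entry: " + entry.getName(), e);`. This matters more now that the stream comes from the custom reader: if it fails on a malformed or tampered entry (presumably its purpose, going by the commit title), the reason never reaches the caller or the log. The new `new InputStreamReader(entry.getInputStream())` line also decodes with the platform default charset on JVMs before 18; `new InputStreamReader(entry.getInputStream(), StandardCharsets.UTF_8)` keeps the JSON parse identical across hosts. Whether `ZipReader` bounds an entry's uncompressed size is not visible in this hunk, so that is worth confirming before the list bundle's content is handed to `gson.fromJson`.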