mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
22 lines
566 B
Go
22 lines
566 B
Go
package archive
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
|
|
"github.com/anchore/syft/syft/file"
|
|
)
|
|
|
|
const perFileReadLimit = 2 * file.GB
|
|
|
|
// safeCopy limits the copy from the reader. This is useful when extracting files from archives to
|
|
// protect against decompression bomb attacks.
|
|
func safeCopy(writer io.Writer, reader io.Reader) error {
|
|
numBytes, err := io.Copy(writer, io.LimitReader(reader, perFileReadLimit))
|
|
if numBytes >= perFileReadLimit || errors.Is(err, io.EOF) {
|
|
return fmt.Errorf("zip read limit hit (potential decompression bomb attack)")
|
|
}
|
|
return nil
|
|
}
|