[
https://issues.apache.org/jira/browse/TIKA-860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16103425#comment-16103425
]
Nicholas DiPiazza commented on TIKA-860:
----------------------------------------
We should reopen this. Issue comes up quite often where some people
legitimately want a really large nesting in zips so making it configurable
would be great!
> Make ZIP bomb detection configureable
> -------------------------------------
>
> Key: TIKA-860
> URL: https://issues.apache.org/jira/browse/TIKA-860
> Project: Tika
> Issue Type: Improvement
> Components: parser
> Affects Versions: 1.0
> Reporter: Uwe Schindler
>
> The detection of ZIP bombs is nice and the original issue says it's
> configureable, but I found no solution how to change ParseContext of the
> AutoDetectParser to e.g. allow deeper nesting levels. The
> SecureContentHandler instantiation is hardcoded and there is no point of
> intervention.
> In my case a simple ZIP of an Eclipse project:
> http://store.pangaea.de/Publications/AltaweelM_2011/Salinization.zip
> triggered the bomb detection, but it is of course no bomb. Its just because
> the JAR/WAR files in this projects itself contain other JAR files and class
> files :-) This overflows the nesting level of 10 - maybe even the TIKA OSGI
> bundle triggers the bomb detection (not tested).
> In my case I would like to raise the nesting level, but there is no solution.
> My change was to simply filter away JAR files (as they contain no metadata we
> are interested in our own development, we already removed e.g. CLASS file
> parsers from out TIKA config so we have a very simple parser structure only
> allowing pdf, office documents, txt files,...) by using a custom
> DocumentSelector in my ParseContext.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
