jmestwa-coder opened a new pull request, #1062:
URL: https://github.com/apache/poi/pull/1062

   ## Summary
   
   * restore `ZipSecureFile` threshold enforcement during encrypted temp ZIP processing
   * avoid sharing mutable `Cipher` state across returned streams
   * preserve the existing streaming-based processing flow
   * add regression coverage for the affected paths
   
   ## Changes
   
   * wrap encrypted temp ZIP streaming with `ZipArchiveThresholdInputStream`
   * keep `ZipArchiveThresholdInputStream#getNextEntry()` package-local
   * add a small internal streaming helper to preserve existing streaming semantics without widening API visibility
   * create independent decrypt/encrypt `Cipher` instances for each stream/entry
   * add regression tests for:
   
     * independent stream reads
     * max entry size enforcement
     * max file count enforcement
     * inflate ratio enforcement
   
   ## Before
   
   * encrypted temp ZIP creation bypassed `ZipSecureFile` limits
   * multiple returned streams shared mutable decrypt `Cipher` state
   * partial reads could corrupt later stream reads
   
   ## After
   
   * encrypted temp ZIP processing enforces existing `ZipSecureFile` protections
   * returned streams use independent cipher state
   * streaming behavior is preserved without entry materialization
   
   ## Validation
   
   Verified with:
   
   ```bash
   .\gradlew.bat :poi-ooxml:test --tests org.apache.poi.poifs.crypt.tests.TestSecureTempZip -PjdkVersion=17
   ```
   
   ```bash
   .\gradlew.bat :poi-ooxml:test --tests org.apache.poi.poifs.crypt.tests.TestEncryptedTempZipThreshold -PjdkVersion=17
   ```
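
The shared-`Cipher` problem listed under "Before" can be reproduced in isolation with the sketch below. It is an added example, not code from this pull request or from Apache POI; the `AES/CBC/PKCS5Padding` transformation, the all-zero key and IV, and the names `SharedCipherDemo` and `entryBIntact` are assumptions chosen for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class SharedCipherDemo {
    // Constructed all-zero key and IV, for illustration only.
    static final SecretKeySpec KEY = new SecretKeySpec(new byte[16], "AES");
    static final IvParameterSpec IV = new IvParameterSpec(new byte[16]);

    static Cipher newCipher(int mode) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding"); // assumed transformation
        c.init(mode, KEY, IV);
        return c;
    }

    static byte[] encrypt(String s) throws Exception {
        return newCipher(Cipher.ENCRYPT_MODE).doFinal(s.getBytes(StandardCharsets.UTF_8));
    }

    // Partially read entry A, abandon it, then read entry B to the end.
    static boolean entryBIntact(boolean shareCipher) throws Exception {
        String plainB = "entry B: second part of the package, long enough for several blocks";
        byte[] encA = encrypt("entry A: first part of the package, long enough for several blocks");
        byte[] encB = encrypt(plainB);
        Cipher shared = newCipher(Cipher.DECRYPT_MODE);
        Cipher forA = shareCipher ? shared : newCipher(Cipher.DECRYPT_MODE);
        Cipher forB = shareCipher ? shared : newCipher(Cipher.DECRYPT_MODE);
        InputStream a = new CipherInputStream(new ByteArrayInputStream(encA), forA);
        InputStream b = new CipherInputStream(new ByteArrayInputStream(encB), forB);
        a.read(new byte[8]); // partial read leaves chaining state and a held-back block in forA
        try {
            return Arrays.equals(b.readAllBytes(), plainB.getBytes(StandardCharsets.UTF_8));
        } catch (IOException decryptFailure) {
            return false; // a padding error while reading B is also corruption
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("shared cipher, entry B intact:       " + entryBIntact(true));
        System.out.println("independent ciphers, entry B intact: " + entryBIntact(false));
    }
}
```

With one shared instance, entry B's stream inherits the block that entry A's stream left buffered in the cipher, so B's output no longer matches its plaintext; with one `Cipher` per stream, B decrypts cleanly regardless of how much of A was read.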

