mattyb149 commented on code in PR #7463:
URL: https://github.com/apache/nifi/pull/7463#discussion_r1257563559
##########
nifi-nar-bundles/nifi-poi-bundle/nifi-poi-processors/src/main/java/org/apache/nifi/processors/poi/ConvertExcelToCSVProcessor.java:
##########
@@ -199,6 +213,10 @@ public void onTrigger(final ProcessContext context, final
ProcessSession session
final int firstRow =
context.getProperty(ROWS_TO_SKIP).evaluateAttributeExpressions(flowFile).asInteger()
- 1;
final List<Integer> columnsToSkip = getColumnsToSkip(context,
flowFile);
+ // Set min inflate ratio before loading documents
+ final float minInflateRatio =
context.getProperty(MIN_INFLATE_RATIO).evaluateAttributeExpressions(flowFile).asFloat();
+ ZipSecureFile.setMinInflateRatio(minInflateRatio);
Review Comment:
One thing to consider though is if all the files are trusted, then if all
the processors had the same setting for this property then it would be
acceptable for the users' flows. We could perhaps check if the property value
is more than the current setting and always keep the minimum. Definitely not a
great user experience, just trying to give a way to prevent the Zip Bomb
prediction from failing legitimate trusted files.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
