Just a short update on this - I've provided a patch for POI to use commons 
compress [1]
So now we can focus on how the zip bomb handling can be provided by commons 
compress,
i.e. as you already have mentioned with "InputStream will be a FooInputStream",
some kind of interface which the InputStream can be cast to,
to request further compression ratio stats, is what I have in mind.

I think this pull mechanism is easier from user perspective than registering
a progress handler or getting the meta data pushed by a callback.

Andi.

[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=62187


Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to