Hi Stefan, thanks a lot for your detailed answer! That explained most of my concerns. However here are some things I have questions about:
Am 18.05.17 um 18:17 schrieb Stefan Bodewig: > Compress will give you the path as it is contained inside the > archive but if an aplication blindly accepts an absolute path, it is the > applications fault. How would one receive the path from the archive? Would getName() contain a full path (if given in the archive) such as "/etc/passwd"? or will it always contain the file name "passwd"? When protecting against ZIP bombs I guess you would do a size check before unpacking via getSize(), right? You said this is not available for every file type, is there documentation for which archive type it is not available? If a ZIP file contains a ZIP file itself, this will not automatically be "resolved" by the library, right? As a dev you'd have start a new decompression process on the ArchiveEntry containing the second level archive, right? Is it possible to determine if an Entry is actually a Symlink? Thanks so much for your help! Best, Benedikt --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@commons.apache.org For additional commands, e-mail: user-h...@commons.apache.org