selective / archive-bomb-scanner
ZIP and PNG bomb scanner
Requires
- php: ^8.1
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3
- phpstan/phpstan: ^1
- phpunit/phpunit: ^10
- selective/rar: ^0.2 || ^0.3
- squizlabs/php_codesniffer: ^3
Suggests
- ext-zip: Use this extension to detect ZIP archive bombs
- selective/rar: Use this package to detect RAR archive bombs
README
ZIP and PNG bomb scanner for PHP.
Features
- Detection of ZIP archive bombs
- Detection of RAR archive bombs
- Detection of PNG bombs
- No dependencies
- Very fast
Requirements
- PHP 8.1+
Installation
composer require selective/archive-bomb-scanner
Usage
Scan ZIP file
use Selective\ArchiveBomb\Scanner\BombScanner;
use Selective\ArchiveBomb\Engine\ZipBombEngine;
use SplFileObject;

$file = new SplFileObject('42.zip');

$scanner = new BombScanner();
$scanner->addEngine(new ZipBombEngine());

$scannerResult = $scanner->scanFile($file);

if ($scannerResult->isBomb()) {
    echo 'Archive bomb detected!';
} else {
    echo 'File is clean';
}
Scan in-memory ZIP file
use Selective\ArchiveBomb\Scanner\BombScanner;
use Selective\ArchiveBomb\Engine\ZipBombEngine;
use SplTempFileObject;

// Write the content to an in-memory temporary file instead of the disk
$file = new SplTempFileObject();
$file->fwrite('my file content');

$scanner = new BombScanner();
$scanner->addEngine(new ZipBombEngine());

$isBomb = $scanner->scanFile($file)->isBomb(); // true or false
Scan RAR file
use Selective\ArchiveBomb\Scanner\BombScanner;
use Selective\ArchiveBomb\Engine\RarBombEngine;
use SplFileObject;

$file = new SplFileObject('10GB.rar');

$scanner = new BombScanner();
$scanner->addEngine(new RarBombEngine());

$scannerResult = $scanner->scanFile($file);

if ($scannerResult->isBomb()) {
    echo 'Archive bomb detected!';
} else {
    echo 'File is clean';
}
Scan PNG file
use Selective\ArchiveBomb\Scanner\BombScanner;
use Selective\ArchiveBomb\Engine\PngBombEngine;
use SplFileObject;

$file = new SplFileObject('example.png');

$scanner = new BombScanner();
$scanner->addEngine(new PngBombEngine());

$scannerResult = $scanner->scanFile($file);

if ($scannerResult->isBomb()) {
    echo 'PNG bomb detected!';
} else {
    echo 'File is clean';
}
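The usage snippets above each scan one known file type. As an added example (not from the package's README), the sketch below gates an untrusted file before any extraction or image decoding and fails closed when scanning is not possible. The helper `isSafeToProcess()` and the script name are hypothetical, and the code assumes that `addEngine()` can be called once per engine and that Composer's autoloader is at `vendor/autoload.php`.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Selective\ArchiveBomb\Engine\PngBombEngine;
use Selective\ArchiveBomb\Engine\RarBombEngine;
use Selective\ArchiveBomb\Engine\ZipBombEngine;
use Selective\ArchiveBomb\Scanner\BombScanner;

/**
 * Hypothetical helper, not part of the package: returns true only when the
 * file could be scanned and no engine reported a bomb. Every failure to scan
 * counts as a rejection, so a broken scanner never lets a file through.
 */
function isSafeToProcess(string $path, bool $withRar = false): bool
{
    if (!is_file($path) || !is_readable($path)) {
        return false;
    }
    // ext-zip is only a suggested dependency; without it ZIP files cannot be checked.
    if (!extension_loaded('zip')) {
        error_log('bomb scan unavailable: ext-zip is not loaded');
        return false;
    }
    try {
        $scanner = new BombScanner();
        // Assumption: engines can be combined by repeated addEngine() calls.
        $scanner->addEngine(new ZipBombEngine());
        $scanner->addEngine(new PngBombEngine());
        if ($withRar) {
            // Requires the suggested selective/rar package to be installed.
            $scanner->addEngine(new RarBombEngine());
        }
        return !$scanner->scanFile(new SplFileObject($path))->isBomb();
    } catch (Throwable $e) {
        error_log('bomb scan failed: ' . $e->getMessage());
        return false; // fail closed
    }
}

// CLI usage: php scan-gate.php <file>; exit code 0 = accept, 1 = reject.
$path = $argv[1] ?? '';
if (isSafeToProcess($path)) {
    echo "accepted\n";
    exit(0);
}
echo "rejected\n";
exit(1);
```

Run the gate before handing the file to `ZipArchive::extractTo()` or an image library, and keep independent size and time limits on the extraction step itself.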
License
MIT