diff options
author | Cyrille Bagard <nocbos@gmail.com> | 2023-10-12 12:59:23 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2023-10-12 12:59:23 (GMT) |
commit | 82dee78837d1d21fa80271befa909efd86554567 (patch) | |
tree | b3d7969f9a862b65bb87f91559fab1e74cf076bb /python-plugins | |
parent | 832196f7a39c62c9426db07a8ddd90c64cefc187 (diff) |
Diffstat (limited to 'python-plugins')
-rw-r--r-- | python-plugins/zipbomb/__init__.py | 2 | ||||
-rw-r--r-- | python-plugins/zipbomb/plugin.py | 71 |
2 files changed, 73 insertions, 0 deletions
diff --git a/python-plugins/zipbomb/__init__.py b/python-plugins/zipbomb/__init__.py new file mode 100644 index 0000000..a9d4527 --- /dev/null +++ b/python-plugins/zipbomb/__init__.py @@ -0,0 +1,2 @@ + +from zipbomb.plugin import ZipBombChecker as AutoLoad diff --git a/python-plugins/zipbomb/plugin.py b/python-plugins/zipbomb/plugin.py new file mode 100644 index 0000000..be8c12f --- /dev/null +++ b/python-plugins/zipbomb/plugin.py @@ -0,0 +1,71 @@ + +import io +import zipfile + +from pychrysalide.analysis.scan import ScanRegisteredItem +from pychrysalide.analysis.scan.exprs import ScanLiteralExpression +from pychrysalide.core import get_rost_root_namespace +from pychrysalide.plugins import PluginModule + + +class ZipBombKeyword(ScanRegisteredItem): + """Introduce a new keyword in the ROST grammar.""" + + _name = 'is_zip_bomb' + + + def _reduce(self, ctx, scope): + + expr = None + + try: + + has_bomb = False + + # compress < 10% plain => bomb + ZIP_BOMB_RATIO = 0.01 + + data = io.BytesIO(ctx.content.data) + + zf = zipfile.ZipFile(data) + + info = zf.infolist() + + for i in info: + + ratio = i.compress_size / i.file_size + + has_bomb = ratio < ZIP_BOMB_RATIO + + if has_bomb: + break + + expr = ScanLiteralExpression(has_bomb) + + except: + pass + + return expr + + +class ZipBombChecker(PluginModule): + """Check for ZIP bombs.""" + + _name = 'ZipBombChecker' + _desc = 'Check if a ZIP archive may contain heavy files on extraction' + _version = '0.1' + _url = 'https://www.chrysalide.re/' + + _actions = ( ) + + + def __init__(self): + """Create a ZipBombChecker plugin instance.""" + + super().__init__() + + ns = get_rost_root_namespace() + + kw = ZipBombKeyword() + + ns.register_item(kw) |