igir/dist/packages/zip/src/zipBombProtector.js

🕹 A zero-setup ROM collection manager that sorts, filters, extracts or archives, patches, and reports on collections of any size on any OS.

import stream from 'node:stream';
/**
 * Protect against extracting a zip bomb.
 * @see https://en.wikipedia.org/wiki/Zip_bomb
 * @see https://www.usenix.org/system/files/woot19-paper_fifield_0.pdf
 */
export default class ZipBombProtector extends stream.Transform {
    expectedBytes;
    readBytes = 0;
    constructor(expectedBytes) {
        super();
        this.expectedBytes = expectedBytes;
    }
    /**
     * Throw an error if we've read more than the expected bytes.
     */
    _transform(chunk, _encoding, callback) {
        this.readBytes += chunk.length;
        if (this.readBytes > this.expectedBytes) {
            callback(new Error(`stream exceeded expected size of ${this.expectedBytes}`));
            return;
        }
        // eslint-disable-next-line unicorn/no-null
        callback(null, chunk);
    }
}