How can I protect myself from a zip bomb? How can I protect myself from a zip bomb? python python

How can I protect myself from a zip bomb?

Try this in Python:

import zipfilewith zipfile.ZipFile('') as z    print(f'total files size={sum(e.file_size for e in z.infolist())}')

Zip is, erm, an "interesting" format. A robust solution is to stream the data out, and stop when you have had enough. In Java, use ZipInputStream rather than ZipFile. The latter also requires you to store the data in a temporary file, which is also not the greatest of ideas.

Reading over the description on Wikipedia -

Deny any compressed files that contain compressed files.
     Use ZipFile.entries() to retrieve a list of files, then ZipEntry.getName() to find the file extension.
Deny any compressed files that contain files over a set size, or the size can not be determined at startup.
     While iterating over the files use ZipEntry.getSize() to retrieve the file size.