alphagov / backdrop / 1935
91%
master: 89%

LAST BUILD BRANCH: upgrade_paas_stack
DEFAULT BRANCH: master
Ran 22 Sep 2014 05:15PM UTC
Jobs 1
Files 52
Run time 23s
1935

push

travis-ci

jabley
Defend against zip bombs

A zip bomb is a specially crafted file which expands to take up large
amounts of CPU time, disk space or memory.

The most well-known example of this is the 42.zip which is a zip file
consisting of 42 kilobytes of compressed data, containing five layers of
nested zip files in sets of 16, each bottom layer archive containing a
4.3 gigabyte (4 294 967 295 bytes; ~ 3.99 GiB) file for a total of 4.5
petabytes (4 503 599 626 321 920 bytes; ~ 3.99 PiB) of uncompressed
data.

Since we allow upload of gzip-compressed requests, we should defend
against malicious attacks like that.

This change adds a SafeGzipDecompressor which can be configured with a
max buffer size to use, and thus limits the amount of memory that we
permit a single upload to use.

gzip bomb created by:

```
$ dd if=/dev/zero bs=1024 count=102400 | gzip > gzip-bomb.gz
```

That creates an empty file full of zeros, which is 100M uncompressed,
but compressed down to a 100K gzip file.
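
A bounded gzip inflate of the kind the commit message describes, as an added example: this is not backdrop's SafeGzipDecompressor, and the names `safe_gunzip`, `DecompressionLimitExceeded` and `make_zero_bomb`, along with the 1 MiB default cap, are assumptions made for illustration.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """The body would inflate past the configured cap."""


def safe_gunzip(stream, max_output=1024 * 1024, chunk_size=16 * 1024):
    """Inflate a gzip stream, never buffering more than max_output + 1 bytes.

    Hypothetical helper for illustration, not backdrop's SafeGzipDecompressor.
    """
    # 16 + MAX_WBITS makes zlib expect the gzip header and trailer.
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)
    out = bytearray()
    while not inflater.eof:
        data = stream.read(chunk_size)
        if not data:
            raise ValueError("truncated gzip stream")
        while data and not inflater.eof:
            # Ask for one byte more than the remaining budget: receiving it
            # proves the body is over the cap without inflating the rest.
            budget = max_output - len(out) + 1
            out += inflater.decompress(data, budget)
            if len(out) > max_output:
                raise DecompressionLimitExceeded(
                    "body inflates past %d bytes" % max_output)
            # Input zlib held back because the output budget ran out.
            data = inflater.unconsumed_tail
    return bytes(out)


def make_zero_bomb(size):
    """Constructed sample: gzip of `size` zero bytes, like the dd | gzip above."""
    return gzip.compress(b"\0" * size)
```

The cap applies to inflated bytes, so a request that passes an upload-size check on its compressed length is still rejected once its output exceeds the budget.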

1768 of 1944 relevant lines covered (90.95%)

0.91 hits per line

Jobs
| ID | Job ID | Ran | Files | Coverage |
|----|--------|-----|-------|----------|
| 1 | 1935.1 (SKIP_VIRUS_SCAN=1 SKIP_SPLINTER_TESTS=1 MONGO_REPLICA_SET='') | 22 Sep 2014 05:15PM UTC | 0 | 90.95 |
Travis Job 1935.1
Source Files on build 1935
Detailed source file information is not available for this build.
  • Back to Repo
  • Travis Build #1935
  • e4cec793 on github
  • Prev Build on feature/gzip-bomb (#1933)
  • Next Build on feature/gzip-bomb (#1937)