selective/archive-bomb-scanner

Archive (ZIP) bomb scanner for PHP.

Features

• Detection of the ZIP archive bombs
• No dependencies
• Very fast

Supported formats

• ZIP

Requirements

• PHP 7.2+

Installation

composer require selective/archive-bomb-scanner

Usage

Scan file

use Selective\ArchiveBomb\Scanner\ArchiveBombScanner;
use Selective\ArchiveBomb\Engine\ZipBombEngine;
use SplFileObject;

$file = new SplFileObject('42.zip');

$scanner = new ArchiveBombScanner();
$scanner->addEngine(new ZipBombEngine());

$scannerResult = $scanner->scanFile($file);

if ($scannerResult->isArchiveBomb()) {
    echo 'Archive bomb detected!';
} else {
    echo 'File is clean';
}

Scan in-memory file

use Selective\ArchiveBomb\ArchiveBombScanner;
use Selective\ArchiveBomb\Engine\ZipBombEngine;
use SplTempFileObject;

$file = new SplTempFileObject();

$file->fwrite('my file content');

$scanner = new ArchiveBombScanner();
$scanner->addEngine(new ZipBombEngine());

$isArchiveBomb = $detector->scanFile($file)->isArchiveBomb(); // true or false

License

• MIT