feat: Add by_index_with_options() for ignoring encryption #439
Conversation
Summary of ChangesHello @b-spencer, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enhances the zip archive reading capabilities by introducing a flexible options-based approach for retrieving individual entries. The primary motivation is to enable robust handling of archives that intentionally misrepresent their content, such as malware archives marking unencrypted files as encrypted. By allowing users to explicitly ignore the encryption flag, the library becomes a more powerful tool for analysis, while also providing a cleaner, more extensible API for future reading options. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a valuable feature to ignore the encryption flag on zip entries, which is particularly useful for malware analysis. The implementation is solid, replacing an internal function with a more extensible public API using the ZipReadOptions builder pattern. The new logic correctly handles the ignore_encryption_flag and the accompanying tests provide good coverage for the new functionality and ensure no regressions.
I have a couple of suggestions to improve the ergonomics of the new ZipReadOptions builder API.
b-spencer
force-pushed
the
brad.spencer/ignore-encryption
branch
from
e48df06 to
8448795
Compare
Signed-off-by: Chris Hennick <[email protected]>
* chore: release v5.2.0 * Clarify description of #439 in CHANGELOG Signed-off-by: Chris Hennick <[email protected]> * Remove deprecated static feature flags * Update CHANGELOG for this being the 6.0.0 release --------- Signed-off-by: Chris Hennick <[email protected]>
2 participants
This PR adds support for completely ignoring the
encryptedflag on a zip file entry. When ignored, the entry is treated as if it were plaintext.Zip archives sometimes intentionally misrepresent their content. Some malware archives do this by marking a file entry as encrypted when it actually isn't. Since some real-world zip readers ignore the encryption flag, those applications will read, and possibly be harmed by, such archives. This feature allows malware analysis tools using this crate to read such archives.
This PR replaces the private
by_index_with_optional_password()with an extensible publicby_index_with_options()to allow multiple indepedent optional arguments to the operation. The newZipReadOptionsbuilder struct allows specifying an optionalpasswordand setting theignore_encryption_flagoption, which, of course, defaults tofalse.