easyExcel读取报错

easyExcel读取excel报错( java.io.IOException: Zip bomb detected!)

异常:

Caused by: com.alibaba.excel.exception.ExcelAnalysisException: java.io.IOException: Zip bomb detected! The file would exceed the max. ratio of compressed file size to the size of the expanded data.
This may indicate that the file is used to inflate memory usage and thus could pose a security risk.
You can adjust this limit via ZipSecureFile.setMinInflateRatio() if you need to work with files which exceed this limit.
Uncompressed size: 741169, Raw/compressed size: 7411, ratio: 0.009999
Limits: MIN_INFLATE_RATIO: 0.010000, Entry: xl/drawings/drawing1.xml
        at com.alibaba.excel.analysis.ExcelAnalyserImpl.<init>(ExcelAnalyserImpl.java:51)
        at com.alibaba.excel.ExcelReader.<init>(ExcelReader.java:141)
        at com.alibaba.excel.ExcelReader.<init>(ExcelReader.java:101)
        at com.alibaba.excel.ExcelReader.<init>(ExcelReader.java:69)
        at com.alibaba.excel.EasyExcelFactory.getReader(EasyExcelFactory.java:95)
        at com.cy.tools.excel.EasyExcelHelper.readExcelByModelFromInputStream(EasyExcelHelper.java:294)
        ... 98 common frames omitted
Caused by: java.io.IOException: Zip bomb detected! The file would exceed the max. ratio of compressed file size to the size of the expanded data.
This may indicate that the file is used to inflate memory usage and thus could pose a security risk.
You can adjust this limit via ZipSecureFile.setMinInflateRatio() if you need to work with files which exceed this limit.
Uncompressed size: 741169, Raw/compressed size: 7411, ratio: 0.009999
Limits: MIN_INFLATE_RATIO: 0.010000, Entry: xl/drawings/drawing1.xml
        at org.apache.poi.openxml4j.util.ZipArchiveThresholdInputStream.checkThreshold(ZipArchiveThresholdInputStream.java:132)
        at org.apache.poi.openxml4j.util.ZipArchiveThresholdInputStream.read(ZipArchiveThresholdInputStream.java:82)
        at org.apache.poi.util.IOUtils.toByteArray(IOUtils.java:182)
        at org.apache.poi.util.IOUtils.toByteArray(IOUtils.java:149)
        at org.apache.poi.openxml4j.util.ZipArchiveFakeEntry.<init>(ZipArchiveFakeEntry.java:47)
        at org.apache.poi.openxml4j.util.ZipInputStreamZipEntrySource.<init>(ZipInputStreamZipEntrySource.java:53)
        at org.apache.poi.openxml4j.opc.ZipPackage.<init>(ZipPackage.java:106)
        at org.apache.poi.openxml4j.opc.OPCPackage.open(OPCPackage.java:307)
        at com.alibaba.excel.analysis.v07.XlsxSaxAnalyser.readOpcPackage(XlsxSaxAnalyser.java:130)
        at com.alibaba.excel.analysis.v07.XlsxSaxAnalyser.<init>(XlsxSaxAnalyser.java:58)
        at com.alibaba.excel.analysis.ExcelAnalyserImpl.choiceExcelExecutor(ExcelAnalyserImpl.java:92)
        at com.alibaba.excel.analysis.ExcelAnalyserImpl.<init>(ExcelAnalyserImpl.java:45)
        ... 103 common frames omitted

Using apache poi - Zip Bomb detected

Zip bomb detected! The file would exceed the max. ratio of compressed file size to the size of the expanded data. This may indicate that the file is used to inflate memory usage and thus could pose a security risk. You can adjust this limit via ZipSecureFile.setMinInflateRatio() if you need to work with files which exceed this limit. Counter: 820224, cis.counter: 8192, ratio: 0.009987515605493134Limits: MIN_INFLATE_RATIO: 0.01

解决方法是在打开工作簿之前添加以下行:

ZipSecureFile.setMinInflateRatio(0);

在这里插入图片描述
" Zip炸弹"是一个用于攻击向量的术语,其中一个小的zip文件会扩展为一个非常大的未压缩文件,因此会引起诸如耗尽内存或磁盘空间等问题。

通常,创建此类zip的目的是在从外部来源接收zip文件的系统上引起拒绝服务攻击。

由于.xlsx文件实际上是包含XML文件的压缩文件,因此有可能在POI中引起这种zip bomb漏洞。

为了防止这种情况的发生,Apache POI内置了一些防护措施,并且默认情况下启用了这些防护措施。因此,如果您创建的文件包含异常内容,例如如果许多行/列具有相同的内容,则可以使用这些保护措施并收到上述异常。

如果完全控制已处理文件的创建,则可以调整错误消息中给出的设置以避免异常。

请参阅https://bz.apache.org/bugzilla/show_bug.cgi?id=58499,以获取相关问题和ZIp-bomb异常,同时编写较大格式的Excel(.xlsx),以及如何确定何时出现Zip Bomb错误检索Excel文件样式表是否合法?进行类似的讨论。

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

爱上编程2705

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值