// scan-zip.js
// Scan a ZIP archive upload. ClamAV recurses into archives automatically,
// so this is identical to a plain file scan — just with extension validation.
// Run: node examples/scan-zip.js
'use strict';
const path = require('path');
const { scan, Verdict } = require('pompelmi');
// Extensions accepted for archive uploads. Only the final, lower-cased
// extension of the path is compared, so "data.tar.gz" matches through ".gz".
const ALLOWED_EXTS = new Set([
  '.zip',
  '.tar',
  '.gz',
  '.tgz',
  '.bz2',
  '.7z',
  '.rar',
]);

/**
 * Reject any path whose extension is not on the archive allowlist.
 *
 * This checks the file name only; the file's content is never opened here,
 * so a renamed non-archive passes this gate and is judged by the scan alone.
 *
 * @param {string} filePath - Path (or bare file name) of the upload.
 * @returns {void}
 * @throws {Error} When the lower-cased extension is not in ALLOWED_EXTS.
 */
function assertArchive(filePath) {
  const extension = path.extname(filePath).toLowerCase();
  if (ALLOWED_EXTS.has(extension)) {
    return;
  }
  throw new Error(`Unsupported archive type: ${extension}`);
}
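/**
 * Validate and virus-scan an uploaded archive, failing closed.
 *
 * The path is returned only when the scanner explicitly reports a clean
 * verdict; a malicious verdict, a scan error, or any value this code does
 * not recognise is treated as a rejection.
 *
 * NOTE(review): ClamAV applies recursion and size limits when it unpacks
 * archives — confirm how the scanner behind `scan` is configured to report
 * content that exceeds those limits.
 * NOTE(review): the file is scanned by path, so it should not be replaceable
 * by the uploader between this scan and its later use — verify against caller.
 *
 * @param {string} filePath - Path to the uploaded archive.
 * @returns {Promise<string>} The resolved absolute path of the accepted archive.
 * @throws {Error} If the extension is not allowed, or the verdict is
 *   malicious, a scan error, or anything other than clean.
 */
async function scanZip(filePath) {
  // Name-based allowlist first, so unsupported uploads never reach the scanner.
  assertArchive(filePath);

  const resolved = path.resolve(filePath);
  const result = await scan(resolved);

  if (result === Verdict.Malicious) {
    throw new Error(`Malicious archive rejected: ${resolved}`);
  }
  if (result === Verdict.ScanError) {
    // Encrypted or corrupt archives return ScanError — treat as untrusted.
    throw new Error(`Archive scan could not complete (possibly encrypted): ${resolved}`);
  }
  if (result !== Verdict.Clean) {
    // Fail closed: an undefined or unrecognised verdict must not be
    // mistaken for a clean one just because it matched no rejection case.
    throw new Error(`Unexpected scan verdict, archive rejected: ${resolved}`);
  }
  return resolved;
}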
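// Demo entry point: scan one sample upload and report the outcome.
(async () => {
  try {
    const safeFile = await scanZip('./uploads/backup.zip');
    console.log('Archive accepted:', safeFile);
  } catch (err) {
    // A rejected archive or a failed scan must surface as a non-zero exit
    // status, so a wrapping script or pipeline cannot read it as acceptance.
    console.error('Archive rejected:', err instanceof Error ? err.message : err);
    process.exitCode = 1;
  }
})();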