From ca782f8f74b0d6a88dd7c0ef5aae97ae29985538 Mon Sep 17 00:00:00 2001 From: johnsonlee Date: Mon, 22 Aug 2022 23:05:20 +0800 Subject: [PATCH] Fix issue #368 remove JAR signature related files to prevent JAR signature verification --- .../didiglobal/booster/transform/util/transform.kt | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/booster-transform-util/src/main/kotlin/com/didiglobal/booster/transform/util/transform.kt b/booster-transform-util/src/main/kotlin/com/didiglobal/booster/transform/util/transform.kt index fd282d931..464239794 100644 --- a/booster-transform-util/src/main/kotlin/com/didiglobal/booster/transform/util/transform.kt +++ b/booster-transform-util/src/main/kotlin/com/didiglobal/booster/transform/util/transform.kt @@ -64,7 +64,9 @@ fun ZipFile.transform( runnable.run() })) - entries().asSequence().forEach { entry -> + entries().asSequence().filterNot { + isJarSignatureRelatedFiles(it.name) + }.forEach { entry -> if (!entries.contains(entry.name)) { val zae = entryFactory(entry) val stream = InputStreamSupplier { @@ -108,7 +110,9 @@ fun ZipInputStream.transform( val entries = mutableSetOf() while (true) { - val entry = nextEntry?.takeIf { true } ?: break + val entry = nextEntry?.takeUnless { + isJarSignatureRelatedFiles(it.name) + } ?: break if (!entries.contains(entry.name)) { val zae = entryFactory(entry) val data = readBytes() @@ -131,6 +135,12 @@ fun ZipInputStream.transform( transform(it, entryFactory, transformer) } +private val JAR_SIGNATURE_EXTENSIONS = setOf("SF", "RSA", "DSA", "EC") + +private fun isJarSignatureRelatedFiles(name: String): Boolean { + return name.startsWith("META-INF/") && name.substringAfterLast('.') in JAR_SIGNATURE_EXTENSIONS +} + private const val DEFAULT_BUFFER_SIZE = 8 * 1024 private fun InputStream.readBytes(estimatedSize: Int = DEFAULT_BUFFER_SIZE): ByteArray {