[
https://issues.apache.org/jira/browse/NIFI-15718?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18066883#comment-18066883
]
Daniel Stieglitz edited comment on NIFI-15718 at 3/19/26 8:08 PM:
------------------------------------------------------------------
[~segad44] This appears to be a shortcoming of the use of
{code:java}
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream{code}
I found the following Stackoverflow
[thread|https://stackoverflow.com/questions/13797733/zipfile-is-throwing-error-but-zipinputstream-is-able-to-decompress-the-archive]
which explains the issue. Although that thread address the Java API
ZipInputStream I believe the same issue applies to the ZipArchiveInputStream.
Furthermore, a quick Google query brought this up:
{quote}
{{org.apache.commons.compress.archivers.zip.ZipArchiveInputStream}} does not
verify CRC-32 checksums for ZIP entries, primarily because it is designed as a
*streaming API* that reads entries top-to-bottom without parsing the "central
directory" at the end of the file.
{quote}
was (Author: JIRAUSER294662):
[~segad44] This appears to be a shortcoming of the use of
{code:java}
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream{code}
I found the following Stackoverflow
[thread|https://stackoverflow.com/questions/13797733/zipfile-is-throwing-error-but-zipinputstream-is-able-to-decompress-the-archive]
which explains the issue.
> UnpackContent doesn't verify zip checksum
> -----------------------------------------
>
> Key: NIFI-15718
> URL: https://issues.apache.org/jira/browse/NIFI-15718
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
> Affects Versions: 2.6.0, 2.7.0, 2.7.1, 2.7.2
> Reporter: segad44
> Priority: Major
> Attachments: entry_with_checksum_mismatch.zip
>
>
> UnpackContent unpacks corrupted zip (wrong crc checksum) without error.
> It should check the checksum and fail if the file is corrupted.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
