feat: allow to set zip max entries count using env var (#1751)

Author: skylot

README.md

@@ -173,6 +173,11 @@ Plugin options (-P<name>=<value>):
     - rename-mappings.format          - mapping format, values: [auto, TINY, TINY_2, ENIGMA, ENIGMA_DIR, MCP, SRG, TSRG, TSRG2, PROGUARD], default: auto
     - rename-mappings.invert          - invert mapping, values: [yes, no], default: no
 
+Environment variables:
+  JADX_DISABLE_ZIP_SECURITY - set to 'true' to disable all security checks for zip files
+  JADX_ZIP_MAX_ENTRIES_COUNT - maximum allowed number of entries in zip files (default: 100 000)
+  JADX_TMP_DIR - custom temp directory, using system by default
+
 Examples:
   jadx -d out classes.dex
   jadx --rename-flags "none" classes.dex

jadx-cli/src/main/java/jadx/cli/JCommanderWrapper.java

@@ -108,6 +108,11 @@ public void printUsage() {
 		int maxNamesLen = printOptions(jc, out, true);
 		out.println(appendPluginOptions(maxNamesLen));
 		out.println();
+		out.println("Environment variables:");
+		out.println("  JADX_DISABLE_ZIP_SECURITY - set to 'true' to disable all security checks for zip files");
+		out.println("  JADX_ZIP_MAX_ENTRIES_COUNT - maximum allowed number of entries in zip files (default: 100 000)");
+		out.println("  JADX_TMP_DIR - custom temp directory, using system by default");
+		out.println();
 		out.println("Examples:");
 		out.println("  jadx -d out classes.dex");
 		out.println("  jadx --rename-flags \"none\" classes.dex");

jadx-core/src/main/java/jadx/api/plugins/utils/ZipSecurity.java

@@ -5,7 +5,6 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Enumeration;
-import java.util.Objects;
 import java.util.function.BiConsumer;
 import java.util.function.BiFunction;
 import java.util.zip.ZipEntry;
@@ -15,10 +14,13 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import jadx.core.utils.Utils;
+import jadx.core.utils.exceptions.JadxRuntimeException;
+
 public class ZipSecurity {
 	private static final Logger LOG = LoggerFactory.getLogger(ZipSecurity.class);
 
-	private static final boolean DISABLE_CHECKS = Objects.equals(System.getenv("JADX_DISABLE_ZIP_SECURITY"), "true");
+	private static final boolean DISABLE_CHECKS = Utils.getEnvVarBool("JADX_DISABLE_ZIP_SECURITY", false);
 
 	/**
 	 * size of uncompressed zip entry shouldn't be bigger of compressed in
@@ -31,7 +33,8 @@ public class ZipSecurity {
 	 * are considered safe
 	 */
 	private static final int ZIP_BOMB_MIN_UNCOMPRESSED_SIZE = 25 * 1024 * 1024;
-	private static final int MAX_ENTRIES_COUNT = 100_000;
+
+	private static final int MAX_ENTRIES_COUNT = Utils.getEnvVarInt("JADX_ZIP_MAX_ENTRIES_COUNT", 100_000);
 
 	private ZipSecurity() {
 	}
@@ -130,13 +133,13 @@ public static <R> R visitZipEntries(File file, BiFunction<ZipFile, ZipEntry, R>
 					}
 					entriesProcessed++;
 					if (!DISABLE_CHECKS && entriesProcessed > MAX_ENTRIES_COUNT) {
-						throw new IllegalStateException("Zip entries count limit exceeded: " + MAX_ENTRIES_COUNT
+						throw new JadxRuntimeException("Zip entries count limit exceeded: " + MAX_ENTRIES_COUNT
 								+ ", last entry: " + entry.getName());
 					}
 				}
 			}
 		} catch (Exception e) {
-			throw new RuntimeException("Failed to process zip file: " + file.getAbsolutePath(), e);
+			throw new JadxRuntimeException("Failed to process zip file: " + file.getAbsolutePath(), e);
 		}
 		return null;
 	}
@@ -147,7 +150,7 @@ public static void readZipEntries(File file, BiConsumer<ZipEntry, InputStream> v
 				try (InputStream in = getInputStreamForEntry(zip, entry)) {
 					visitor.accept(entry, in);
 				} catch (Exception e) {
-					throw new RuntimeException("Error process zip entry: " + entry.getName());
+					throw new JadxRuntimeException("Failed to process zip entry: " + entry.getName());
 				}
 			}
 			return null;

jadx-core/src/main/java/jadx/core/utils/Utils.java

@@ -487,4 +487,20 @@ public static void checkThreadInterrupt() {
 			throw new JadxRuntimeException("Thread interrupted");
 		}
 	}
+
+	public static boolean getEnvVarBool(String varName, boolean defValue) {
+		String strValue = System.getenv(varName);
+		if (strValue == null) {
+			return defValue;
+		}
+		return strValue.equalsIgnoreCase("true");
+	}
+
+	public static int getEnvVarInt(String varName, int defValue) {
+		String strValue = System.getenv(varName);
+		if (strValue == null) {
+			return defValue;
+		}
+		return Integer.parseInt(strValue);
+	}
 }