codeql/java/ql/test/experimental/query-tests/security/CWE-522-DecompressionBombs/Zip4jHandler.java

import net.lingala.zip4j.model.LocalFileHeader;
import net.lingala.zip4j.io.inputstream.ZipInputStream;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.FileOutputStream;

public class Zip4jHandler {
    public static void zip4jZipInputStream(InputStream inputStream) throws IOException {
        LocalFileHeader localFileHeader;
        int readLen;
        byte[] readBuffer = new byte[4096];
        try (ZipInputStream zipInputStream = new ZipInputStream(inputStream)) {
            while ((localFileHeader = zipInputStream.getNextEntry()) != null) {
                File extractedFile = new File(localFileHeader.getFileName());
                try (OutputStream outputStream = new FileOutputStream(extractedFile)) {
                    while ((readLen = zipInputStream.read(readBuffer)) != -1) { // $ hasTaintFlow="zipInputStream"
                        outputStream.write(readBuffer, 0, readLen);
                    }
                }
            }
        }
    }

    public static void zip4jZipInputStreamSafe(InputStream inputStream) throws IOException {
        LocalFileHeader localFileHeader;
        int readLen;
        byte[] readBuffer = new byte[4096];
        try (ZipInputStream zipInputStream = new ZipInputStream(inputStream)) { 
            while ((localFileHeader = zipInputStream.getNextEntry()) != null) {
                File extractedFile = new File(localFileHeader.getFileName());
                try (OutputStream outputStream = new FileOutputStream(extractedFile)) {
                    int totallRead = 0;
                    while ((readLen = zipInputStream.read(readBuffer)) != -1) { // $ SPURIOUS: hasTaintFlow="zipInputStream"
                        totallRead += readLen;
                        if (totallRead > 1024 * 1024 * 4) {
                            System.out.println("potential Bomb");
                            break;
                        }
                        outputStream.write(readBuffer, 0, readLen);
                    }
                }
            }
        }
    }
}