ZipReader增加setMaxSizeDiff方法，自定义或关闭ZipBomb

hutool-core/src/main/java/cn/hutool/core/compress/ZipReader.java

@@ -28,10 +28,14 @@ import java.util.zip.ZipInputStream;
 public class ZipReader implements Closeable {
 
 	// size of uncompressed zip entry shouldn't be bigger of compressed in MAX_SIZE_DIFF times
-	private static final int MAX_SIZE_DIFF = 100;
+	private static final int DEFAULT_MAX_SIZE_DIFF = 100;
 
 	private ZipFile zipFile;
 	private ZipInputStream in;
+	/**
+	 * 检查ZipBomb文件差异倍数，-1表示不检查ZipBomb
+	 */
+	private int maxSizeDiff = DEFAULT_MAX_SIZE_DIFF;
 
 	/**
 	 * 创建ZipReader
@@ -93,6 +97,18 @@ public class ZipReader implements Closeable {
 		this.in = zin;
 	}
 
+	/**
+	 * 设置检查ZipBomb文件差异倍数，-1表示不检查ZipBomb
+	 *
+	 * @param maxSizeDiff 检查ZipBomb文件差异倍数，-1表示不检查ZipBomb
+	 * @return this
+	 * @since 6.0.0
+	 */
+	public ZipReader setMaxSizeDiff(final int maxSizeDiff) {
+		this.maxSizeDiff = maxSizeDiff;
+		return this;
+	}
+
 	/**
 	 * 获取指定路径的文件流<br>
 	 * 如果是文件模式，则直接获取Entry对应的流，如果是流模式，则遍历entry后，找到对应流返回
@@ -235,7 +251,10 @@ public class ZipReader implements Closeable {
 	 * @param entry {@link ZipEntry}
 	 * @return 检查后的{@link ZipEntry}
 	 */
-	private static ZipEntry checkZipBomb(ZipEntry entry) {
+	private ZipEntry checkZipBomb(ZipEntry entry) {
+		if(maxSizeDiff < 0){
+			return entry;
+		}
 		if (null == entry) {
 			return null;
 		}
@@ -243,7 +262,7 @@ public class ZipReader implements Closeable {
 		final long uncompressedSize = entry.getSize();
 		if (compressedSize < 0 || uncompressedSize < 0 ||
 				// 默认压缩比例是100倍，一旦发现压缩率超过这个阈值，被认为是Zip bomb
-				compressedSize * MAX_SIZE_DIFF < uncompressedSize) {
+				compressedSize * maxSizeDiff < uncompressedSize) {
 			throw new UtilException("Zip bomb attack detected, invalid sizes: compressed {}, uncompressed {}, name {}",
 					compressedSize, uncompressedSize, entry.getName());
 		}