I recently upgraded my KNIME Analytics Platform from 4.3.2 to 4.3.0 and now I’m receiving the following error with the new Excel Reader Node:
Execute failed: Zip bomb detected! The file would exceed the max. ratio of compressed file size to the size of the expanded data.
This may indicate that the file is used to inflate memory usage and thus could pose a security risk.
You can adjust this limit via ZipSecureFile.setMinInflateRatio() if you need to work with files which exceed this limit.
Uncompressed size: 1124190, Raw/compressed size: 11229, ratio: 0.009989
Limits: MIN_INFLATE_RATIO: 0.010000, Entry: xl/customProperty5.bin
Has anyone experienced this issue yet and is there someway to adjust the ZipSecureFile.setMinInflateRatio() limit?
In my case, the same file works fine with the deprecated Excel Reader Node.
thanks for reporting this and sorry for the inconveniences! Few questions:
- Are you able to share the file with us so that we can investigate what changed with the new node? If there is sensitive data in it, are you able to create such a file with dummy data?
- How was the file created? With MS Excel? Using the Excel Writer node?
- Can you share the error message in the log file? You find the log via View -> Open KNIME log. The most recent error messages are at the bottom of the file.
My data is sensitive so I cannot send the files, however I did attached the log message for your review. I also tried to recreate something with dummy data, but I’ve run into another issue with the Node. I can send you this, but wasn’t sure if you want me to send on a different thread (I’m having lots of issues with the new nodes)? The original files were created with MS Excel and the same files were able to be processed when I was using the 4.2.3 version.
knime_zipbom_err_log_msg.txt (4.6 KB)
Thanks @pqrussell, we will look into it. What other issues are you having with the new nodes? I’ve seen your post here already.
Do you have any update on this as I’m also facing the exact similar issue. I’m dealing with 2 excels using a loop and my workflow works absolutely fine for the first one. For the 2nd excel I get this ZIP BOMB DETECTED! error.
Also, the message states “You can adjust this limit via ZipSecureFile.setMinInflateRatio() if you need to work with files which exceed this limit.”. The question is how does one set this limit.
Any sort of help will be appreciated.
Thanks in advance,
unfortunately, there is currently no workaround or fix. The detailed error message in the log tells you which entry of the xlsx file actually causes the issue. E.g. in @pqrussell’s file the entry “xl/customProperty5.bin” is the issue. If you are having binary files or images in the Excel file that cause this issue, removing them would be an option.
Sorry for the inconveniences.
may I ask you for the detailed error message you got? I am particularly interested in the inflation ratio your file had (in the first post in this topic it was, e.g., “ratio: 0.009989”, so just slightly under the limit of 0.01). Perhaps changing this limit could already be a solution for the issue and we are interested in what ratios you are actually facing.
Please find the detailed error screenshot as follows:
It also seems to be pretty close to the threshold value. In case changing this threshold is a solution then please list the steps on how to go about changing it. As this may work as a workaround.
Thanks for the information!
Unfortunately, there is no workaround right now. I’ll let you know once there are news!
due to the limitations of the used library we haven’t found a good solution to let the user specify the threshold. So with KNIME 4.3.1, which will be released soon, we have lowered the threshold to 0.001 which should be sufficiently low.
KNIME 4.3.1 is now available and includes the mentioned fix for the zip bomb problem.
Thanks for your feedback and patience.
This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.