Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Enable AES256 encryption for zip files#171

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
nheiniger wants to merge2 commits intoSpecterOps:2.X
base:2.X
Choose a base branch
Loading
fromnheiniger:2.X

Conversation

@nheiniger
Copy link

@nheinigernheiniger commentedSep 10, 2025
edited by coderabbitaibot
Loading

Description

This PR enables AES256 when the--zippassword option is provided. This replaces the default and less secure ZipCrypto option.

The code is taken from the examples of SharpZipLib here:https://github.com/icsharpcode/SharpZipLib/wiki/Zip-Samples/6dc300804f36f981e516fa477219b0e40c192861

Motivation and Context

Just follow best practice after an auditor noted that the zip file uses zipcrypto.

How Has This Been Tested?

Run SharpHound twice, once withSharpHound.exe --zippassword infected to confirm that the encryption is working as expected. Then a second time withSharpHound.exe and no password to ensure that it works without a password too.

Screenshots

With this change, the encryption method is now AES256
image

Types of changes

  • Chore (a change that does not modify the application functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Documentation updates are needed, and have been made accordingly.
  • I have added and/or updated tests to cover my changes.
  • All new and existing tests passed.
  • My changes include a database migration.

Summary by CodeRabbit

  • New Features
    • Password-protected ZIP exports now use AES-256 encryption per file entry, delivering stronger protection without changing existing workflows.
    • Automatically applies whenever a ZIP password is set; no additional configuration required.
    • Backward compatible: no changes to public APIs or user settings.
    • Affects only newly created archives; existing archives remain unchanged.

@coderabbitai
Copy link

coderabbitaibot commentedSep 10, 2025
edited
Loading

Walkthrough

Adds per-entry AES-256 encryption in ZIP creation: when a ZipPassword is set, each ZipEntry’s AESKeySize is set to 256. This occurs within existing loops in LoopManager.ZipFiles and OutputWriter.ZipFiles. No control flow or public API changes.

Changes

Cohort / File(s)Summary
ZIP AES-256 per-entry encryption
src/Runtime/LoopManager.cs,src/Runtime/OutputWriter.cs		SetZipEntry.AESKeySize = 256 when_context.ZipPassword/ZipPassword is present, complementing existingZipOutputStream.Password usage; no other logic or API changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks (2 passed, 1 warning)

❌ Failed checks (1 warning)
Check nameStatusExplanationResolution
Docstring Coverage⚠️ WarningDocstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.You can run@coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check nameStatusExplanation
Title Check✅ PassedThe title succinctly and accurately conveys the main change—enabling AES256 encryption for ZIP archives—without extra detail or ambiguous language, making it clear and specific for anyone scanning the project history.
Description Check✅ PassedThe description fully follows the repository’s template by including clear sections for Description, Motivation and Context, How Has This Been Tested, Screenshots, Types of changes, and Checklist, each populated with relevant details about the change, its purpose, and verification steps.

Poem

I zipped with a hop and a cryptic grin,
AES carrots tucked snugly in tin,
256 bits guard each file I stow—
burrow-safe bundles, ready to go.
With whiskers twitching, I press “compress,”
soft thumps of security—nothing less. 🥕🗜️

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

  • Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
  • Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see thedocumentation for more information.

Example:

reviews:pre_merge_checks:custom_checks:      -name:"Undocumented Breaking Changes"mode:"warning"instructions:|          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on thisDiscord post.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and betweena073f1a andddc8ba6.

📒 Files selected for processing (2)
  • src/Runtime/LoopManager.cs (1 hunks)
  • src/Runtime/OutputWriter.cs (1 hunks)
🔇 Additional comments (2)
src/Runtime/OutputWriter.cs (1)

208-208:LGTM! Correctly enables AES256 encryption for ZIP entries.

The implementation properly sets the AES key size to 256 bits when a ZIP password is provided, which will upgrade from the default ZipCrypto to AES256 encryption as intended.

src/Runtime/LoopManager.cs (1)

104-104:LGTM! Consistent AES256 encryption implementation.

This change matches the identical implementation inOutputWriter.cs (Line 208), ensuring consistent AES256 encryption behavior across both ZIP creation workflows in the application.

✨ Finishing Touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment@coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link

github-actionsbot commentedSep 10, 2025
edited
Loading

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

@nheiniger
Copy link
Author

I have read the CLA Document and I hereby sign the CLA

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nheiniger
[8]ページ先頭
©2009-2025 Movatter.jp