this post was submitted on 19 Nov 2024
57 points (95.2% liked)

Open Source

31972 readers
102 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Extractify.zip is open source progressive web app (PWA) website to view and extract zip files online without downloading them (client side). It is a free and open source project.

Website: https://extractify.zip/

top 12 comments
sorted by: hot top controversial new old
[–] [email protected] 26 points 1 month ago

"7z-wasm": "^1.0.2",

Ah, knew we were looking at a wrapper of my faithful companion here

[–] [email protected] 8 points 1 month ago (1 children)

I'm confused. How are you defining "download" and "online" here?

The website suggests that the server holds the files and does the extraction:

Extract and Explore compressed files online [emphasis mine]

which fits with the github claim of:

to view and extract zip files online without downloading them

but the website also states that:

nothing leave your browser

which suggests that the server has nothing to do with it, and you do actually download the zip files first.

What am I missing?

[–] [email protected] 5 points 1 month ago (1 children)

I have no clue what's meant by "without download", but this app just uses web assembly to inspect the archive in the browser. The sandbox they talk about most likely refers to the browser sandboxing.

So it pretty much boils down to "risking running malicious code is fine, because this app as a whole is treated as malicious by the browser".

[–] [email protected] 2 points 1 month ago

Yeah, that's what I was suspecting.

I ended up leaning towards "download" being used in the boomer way of meaning any data transfer, whatever the direction, which in this case would more specifically be called an "upload". And that "online" was being used to mean "using a website", even though the local processing is offline.

The alternative fit to the description I had considered was a website you could give an URL, so it retrieves the zip file and allows you to inspect it remotely, and maybe just download some of the contained files, so it deals with the risk and bandwidth issues for you. That would be a different kind of useful, though it'd only be a few days before someone uses it for malign purposes and gets the site operator a no-knock visit from the fuzz, so that seemed much less likely.

I can see a use for an app that can be used where they can't be installed, though.

[–] [email protected] 4 points 1 month ago

Don't we already have this all of our file browsers and archive browsers?

[–] [email protected] 4 points 1 month ago (3 children)

Don’t get me wrong, this is cool, but is there some reason not to extract a .zip file locally?

I’ve been using Linux, UNIX for a long time so I don’t know if it’s a Windows thing or what.

[–] [email protected] 4 points 1 month ago

A compacted archive could be used as an attack vector.

  • Zip Bombs
  • Code execution through a vulnerability in the extracting algorithm

Both of them are valid for any OS.

[–] [email protected] 3 points 1 month ago

I had thought for virus scanning, but it doesnt seem to do that yet.

[–] [email protected] 1 points 1 month ago (1 children)

My android file explorer don't support .RAR or 7z archive. It's only FOSS File Explorer

[–] [email protected] 1 points 1 month ago

Oh yeah, that makes sense.

[–] [email protected] 4 points 1 month ago

extractify when i want to extract a 16 gb source code:

[–] [email protected] 1 points 1 month ago

Integrate with ClamAV or VirusTotal and this would be a masterpiece.