Xceed .NET Libraries Documentation
Adding Item To Process Event

Welcome to Xceed .NET, .NET Standard and Xamarin Libraries! > Basic Concepts > Events > Adding Item To Process Event

The AddingItemToProcess event is raised when an item pair (current item and target item) is about to be added to a list of items to process.

Purpose

The AddingItemToProcess event allows an application to examine an item pair, replace it or exclude the pair from the list of items to be processed by a method.

The following methods can raise the AddingItemToProcess event: 

Method Description
FileSystemItem.CopyTo() Copies the item to another folder.
FileSystemItem.MoveTo() Moves the item to another folder.
FileSystemItem.Create() Creates the physical item.
FileSystemItem.Delete() Permanently deletes the physical item.
AbstractFolder.CopyFilesTo() Copies the folder's files to another folder.
AbstractFolder.MoveFilesTo() Moves the folder's files to another folder.
AbstractFolder.CopyItemsTo() Copies the folder's files and folders to another folder.
AbstractFolder.MoveItemsTo() Moves the folder's files and folders to another folder.

Demonstration

The AddingItemToProcess event can be used to filter out potentially dangerous zipped items whose names contain relative path elements (like ..\..\) that, during an unzip operation can create or overwrite files outside of the base destination folder.

public static void ZipSlip()

{

  AbstractFile zipFile = new DiskFile( "ZipSlip1.zip" );



  if( !zipFile.Exists )

    throw new InvalidProgramException( "The zip file must exist for this example to work correctly" );



  // Create a logical zip archive around the zip file

  ZipArchive zip = new ZipArchive( zipFile );



  // Create a FileSystemEvents object

  FileSystemEvents events = new FileSystemEvents();



  // Subscribe to the AddingItemToProcess event

  events.AddingItemToProcess += OnAddingItemToProcessExclude;



  // Setup a destination folder

  AbstractFolder destinationFolder = new DiskFolder( @"D:\ZipSlip\Output" );



  // User the destination folder as userData

  object userData = destinationFolder;



  // Unzip the contents of the archive

  zip.CopyFilesTo( events, userData, destinationFolder, true, true );

}



private static void OnAddingItemToProcessExclude( object sender, ItemProcessingEventArgs e )

{

  // Retrieve the destination folder from the user data

  AbstractFolder destinationFolder = ( AbstractFolder ) e.UserData;

  string destinationFullname = destinationFolder.FullName;



  FileSystemItem destinationItem = e.TargetItem;

  string targetPath = destinationItem.FullName;



  // If the target path does not start with the destination path

  if( !targetPath.StartsWith( destinationFullname ) )

  {

    /* The zipped item contains relative path modifiers that make the destination

       go outside the base destination path. In some controlled situations, that

       might be ok, but we chose not to allow it here. We will exclude this item. */



    e.Excluded = true;

  }

}
Public Shared Sub ZipSlip()

  Dim zipFile As AbstractFile = New DiskFile("ZipSlip1.zip")



  If (Not zipFile.Exists) Then

    Throw New InvalidProgramException("The zip file must exist for this example to work correctly")

  End If



  ' Create a logical zip archive around the zip file

  Dim zip As New ZipArchive(zipFile)



  ' Create a FileSystemEvents object

  Dim events As New FileSystemEvents()



  ' Subscribe to the AddingItemToProcess event

  AddHandler events.AddingItemToProcess, AddressOf OnAddingItemToProcessExclude



  ' Setup a destination folder

  Dim destinationFolder As AbstractFolder = New DiskFolder("D:\ZipSlip\Output")



  ' User the destination folder as userData

  Dim userData As Object = destinationFolder



  ' Unzip the contents of the archive

  zip.CopyFilesTo(events, userData, destinationFolder, True, True)

End Sub



Private Shared Sub OnAddingItemToProcessExclude(ByVal sender As Object, ByVal e As ItemProcessingEventArgs)

  ' Retrieve the destination folder from the user data

  Dim destinationFolder As AbstractFolder = CType(e.UserData, AbstractFolder)

  Dim destinationFullname As String = destinationFolder.FullName



  Dim destinationItem As FileSystemItem = e.TargetItem

  Dim targetPath As String = destinationItem.FullName



  ' If the target path does not start with the destination path

  If (Not targetPath.StartsWith(destinationFullname)) Then

    ' The zipped item contains relative path modifiers that make the destination

    ' go outside the base destination path. In some controlled situations, that

    ' might be ok, but we chose not to allow it here. We will exclude this item. 



    e.Excluded = True

  End If

End Sub