Change logic and add blocklist

libmineziper/include/libmineziper.h

@@ -21,6 +21,10 @@ bool detect_overlaps(zip zip);
 bool scan_decoded_files(zip zip);
 bool scan_zip(char* zip_data, int zip_size);
 
+// todo complete this list
+static const char* blocklist[] = {"Mimikatz.exe", "linpeas.sh", "winPEAS.bat"};
+static const int blocklist_size = sizeof(blocklist) / sizeof(char*);
+
 static const char* sigs[] = {
     "\x7f"
     "ELF",

libmineziper/src/libmineziper.c

@@ -56,9 +56,22 @@ bool scan_decoded_files(zip zip)
     // Verify CDH/LFH parsed sizes to avoid undefined behavior
     if (lfh->filename_length != zip.cdh_filename_length[i])
     {
-      fprintf(stderr, "[ERROR] Mismatch in CDH/LFH filename lengths.\n");
+      fprintf(
+          stderr,
+          "[ERROR] Mismatch in CDH/LFH filename lengths. Local file might be "
+          "malformed.\nSkipping file...\n");
+      continue;
+    }
+
+    for (int k = 0; k < blocklist_size; k++)
+    {
+      char* filename = zip.start + zip.lfh_off[i] + sizeof(LFH);
+      if (strcmp(blocklist[k], filename) == 0)
+      {
+        fprintf(stderr, "[ERROR] Forbidden filename found in zip archive.\n");
         return true;
       }
+    }
 
     data* decoded = malloc(sizeof(data));
     decoded->buffer = decoded->clean = decoded->size = 0;