fix(file): exclude skipped entries from caps and reject multi-archive decompress

- Resolve safe (sanitized) zip entries up front so unsafe/skipped entries
  no longer count toward the per-entry and total uncompressed-size caps (cursor)
- Reject decompress input that resolves to more than one archive with a clear
  error instead of silently extracting only the first (cursor)

Author: waleedlatif1

apps/sim/app/api/tools/file/manage/route.ts

@@ -746,10 +746,24 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
             { status: 413 }
           )
 
+        // Resolve which entries are safe to extract first, so unsafe entries
+        // (skipped below) never count toward the size caps.
+        const safeEntries: Array<{ entry: JSZip.JSZipObject; segments: string[] }> = []
+        let skippedCount = 0
+        for (const entry of entries) {
+          const segments = sanitizeArchiveEntryPath(entry.name)
+          if (!segments) {
+            skippedCount += 1
+            logger.warn('Skipping unsafe archive entry', { name: entry.name })
+            continue
+          }
+          safeEntries.push({ entry, segments })
+        }
+
         // Reject standard zip bombs up front using the declared uncompressed sizes,
         // before materializing any entry into memory.
         let declaredTotal = 0
-        for (const entry of entries) {
+        for (const { entry } of safeEntries) {
           const declaredSize = readEntryUncompressedSize(entry)
           if (declaredSize === undefined) continue
           if (declaredSize > MAX_DECOMPRESS_ENTRY_BYTES) return entryTooLargeResponse(entry.name)
@@ -760,16 +774,8 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
         // Read and validate every safe entry before writing anything, so a cap
         // breach never leaves partially-extracted files behind in the workspace.
         const pending: Array<{ segments: string[]; buffer: Buffer }> = []
-        let skippedCount = 0
         let totalBytes = 0
-        for (const entry of entries) {
-          const segments = sanitizeArchiveEntryPath(entry.name)
-          if (!segments) {
-            skippedCount += 1
-            logger.warn('Skipping unsafe archive entry', { name: entry.name })
-            continue
-          }
-
+        for (const { entry, segments } of safeEntries) {
           const buffer = await entry.async('nodebuffer')
           // Enforce the per-entry cap on the materialized size too, covering
           // entries that omit a declared uncompressed size.

apps/sim/blocks/blocks/file.ts

@@ -1107,19 +1107,26 @@ export const FileV5Block: BlockConfig<FileParserV3Output> = {
 
           const fileIds = parseReadFileIds(decompressInput)
           if (fileIds) {
+            const ids = Array.isArray(fileIds) ? fileIds : [fileIds]
+            if (ids.length > 1) {
+              throw new Error('Decompress accepts a single .zip archive at a time')
+            }
             return {
-              fileId: Array.isArray(fileIds) ? fileIds[0] : fileIds,
+              fileId: ids[0],
               workspaceId: params._context?.workspaceId,
             }
           }
 
-          const normalized = normalizeFileInput(decompressInput, { single: true })
-          if (!normalized) {
+          const normalized = normalizeFileInput(decompressInput)
+          if (!normalized || normalized.length === 0) {
             throw new Error('File is required for decompress')
           }
+          if (normalized.length > 1) {
+            throw new Error('Decompress accepts a single .zip archive at a time')
+          }
 
           return {
-            fileInput: normalized,
+            fileInput: normalized[0],
             workspaceId: params._context?.workspaceId,
           }
         }