minitar 0.5.4 → 0.6

data/test/test_tar_writer.rb

@@ -0,0 +1,190 @@
+#!/usr/bin/env ruby
+
+require 'minitar'
+require 'minitest_helper'
+
+class TestTarWriter < Minitest::Test
+  class DummyIO
+    attr_reader :data
+
+    def initialize
+      @data = ''
+    end
+
+    def write(dat)
+      data << dat
+      dat.size
+    end
+
+    def reset
+      @data = ''
+    end
+  end
+
+  def setup
+    @data = 'a' * 10
+    @dummyos = DummyIO.new
+    @os = Minitar::Writer.new(@dummyos)
+  end
+
+  def teardown
+    @os.close
+  end
+
+  def test_add_file_simple
+    @dummyos.reset
+
+    Minitar::Writer.open(@dummyos) do |os|
+      os.add_file_simple('lib/foo/bar', :mode => 0o644, :size => 10) do |f|
+        f.write 'a' * 10
+      end
+      os.add_file_simple('lib/bar/baz', :mode => 0o644, :size => 100) do |f|
+        f.write 'fillme'
+      end
+    end
+
+    assert_headers_equal(tar_file_header('lib/foo/bar', '', 0o644, 10),
+      @dummyos.data[0, 512])
+    assert_equal('a' * 10 + "\0" * 502, @dummyos.data[512, 512])
+    assert_headers_equal(tar_file_header('lib/bar/baz', '', 0o644, 100),
+      @dummyos.data[512 * 2, 512])
+    assert_equal('fillme' + "\0" * 506, @dummyos.data[512 * 3, 512])
+    assert_equal("\0" * 512, @dummyos.data[512 * 4, 512])
+    assert_equal("\0" * 512, @dummyos.data[512 * 5, 512])
+  end
+
+  def test_write_operations_fail_after_closed
+    @dummyos.reset
+    @os.add_file_simple('sadd', :mode => 0o644, :size => 20) { |f| }
+    @os.close
+    assert_raises(Minitar::ClosedStream) { @os.flush }
+    assert_raises(Minitar::ClosedStream) {
+      @os.add_file('dfdsf', :mode => 0o644) {}
+    }
+    assert_raises(Minitar::ClosedStream) { @os.mkdir 'sdfdsf', :mode => 0o644 }
+  end
+
+  def test_file_name_is_split_correctly
+    # test insane file lengths, and: a{100}/b{155}, etc
+    @dummyos.reset
+    names = [
+      "#{'a' * 155}/#{'b' * 100}",
+      "#{'a' * 151}/#{'qwer/' * 19}bla",
+      "/#{'a' * 49}/#{'b' * 50}",
+      "#{'a' * 49}/#{'b' * 50}x",
+      "#{'a' * 49}x/#{'b' * 50}"
+    ]
+    o_names = [
+      'b' * 100,
+      "#{'qwer/' * 19}bla",
+      'b' * 50,
+      "#{'b' * 50}x",
+      'b' * 50
+    ]
+    o_prefixes = [
+      'a' * 155,
+      'a' * 151,
+      "/#{'a' * 49}",
+      'a' * 49,
+      "#{'a' * 49}x"
+    ]
+    names.each do |name|
+      @os.add_file_simple(name, :mode => 0o644, :size => 10) {}
+    end
+    names.each_index do |i|
+      assert_headers_equal(
+        tar_file_header(o_names[i], o_prefixes[i], 0o644, 10),
+        @dummyos.data[2 * i * 512, 512]
+      )
+    end
+    assert_raises(Minitar::FileNameTooLong) do
+      @os.add_file_simple(File.join('a' * 152, 'b' * 10, 'a' * 92),
+        :mode => 0o644, :size => 10) {}
+    end
+    assert_raises(Minitar::FileNameTooLong) do
+      @os.add_file_simple(File.join('a' * 162, 'b' * 10),
+        :mode => 0o644, :size => 10) {}
+    end
+    assert_raises(Minitar::FileNameTooLong) do
+      @os.add_file_simple(File.join('a' * 10, 'b' * 110),
+        :mode => 0o644, :size => 10) {}
+    end
+    # Issue #6.
+    assert_raises(Minitar::FileNameTooLong) do
+      @os.add_file_simple('a' * 114, :mode => 0o644, :size => 10) {}
+    end
+  end
+
+  def test_add_file
+    dummyos = StringIO.new
+    def dummyos.method_missing(meth, *a) # rubocop:disable Style/MethodMissing
+      string.send(meth, *a)
+    end
+    content1 = ('a'..'z').to_a.join('') # 26
+    content2 = ('aa'..'zz').to_a.join('') # 1352
+    Minitar::Writer.open(dummyos) do |os|
+      os.add_file('lib/foo/bar', :mode => 0o644) { |f, _opts| f.write 'a' * 10 }
+      os.add_file('lib/bar/baz', :mode => 0o644) { |f, _opts| f.write content1 }
+      os.add_file('lib/bar/baz', :mode => 0o644) { |f, _opts| f.write content2 }
+      os.add_file('lib/bar/baz', :mode => 0o644) { |_f, _opts| }
+    end
+    assert_headers_equal(tar_file_header('lib/foo/bar', '', 0o644, 10),
+      dummyos[0, 512])
+    assert_equal(%Q(#{'a' * 10}#{"\0" * 502}), dummyos[512, 512])
+    offset = 512 * 2
+    [content1, content2, ''].each do |data|
+      assert_headers_equal(tar_file_header('lib/bar/baz', '', 0o644,
+        data.size), dummyos[offset, 512])
+      offset += 512
+      until !data || data == ''
+        chunk = data[0, 512]
+        data[0, 512] = ''
+        assert_equal(chunk + "\0" * (512 - chunk.size),
+          dummyos[offset, 512])
+        offset += 512
+      end
+    end
+    assert_equal("\0" * 1024, dummyos[offset, 1024])
+  end
+
+  def test_add_file_tests_seekability
+    assert_raises(Archive::Tar::Minitar::NonSeekableStream) do
+      @os.add_file('libdfdsfd', :mode => 0o644) { |f| }
+    end
+  end
+
+  def test_write_header
+    @dummyos.reset
+    @os.add_file_simple('lib/foo/bar', :mode => 0o644, :size => 0) {}
+    @os.flush
+    assert_headers_equal(tar_file_header('lib/foo/bar', '', 0o644, 0),
+      @dummyos.data[0, 512])
+    @dummyos.reset
+    @os.mkdir('lib/foo', :mode => 0o644)
+    assert_headers_equal(tar_dir_header('lib/foo', '', 0o644),
+      @dummyos.data[0, 512])
+    @os.mkdir('lib/bar', :mode => 0o644)
+    assert_headers_equal(tar_dir_header('lib/bar', '', 0o644),
+      @dummyos.data[512 * 1, 512])
+  end
+
+  def test_write_data
+    @dummyos.reset
+    @os.add_file_simple('lib/foo/bar', :mode => 0o644, :size => 10) do |f|
+      f.write @data
+    end
+    @os.flush
+    assert_equal(@data + ("\0" * (512 - @data.size)),
+      @dummyos.data[512, 512])
+  end
+
+  def test_file_size_is_checked
+    @dummyos.reset
+    assert_raises(Minitar::Writer::WriteBoundaryOverflow) do
+      @os.add_file_simple('lib/foo/bar', :mode => 0o644, :size => 10) do |f|
+        f.write '1' * 100
+      end
+    end
+    @os.add_file_simple('lib/foo/bar', :mode => 0o644, :size => 10) { |f| }
+  end
+end

metadata

@@ -1,67 +1,256 @@
 --- !ruby/object:Gem::Specification
 name: minitar
 version: !ruby/object:Gem::Version
-  version: 0.5.4
-  prerelease: 
+  version: '0.6'
 platform: ruby
 authors:
-- Austin Ziegler, Mauricio Fernandez, Antoine Toulme
-autorequire: archive/tar/minitar
+- Austin Ziegler
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-11-14 00:00:00.000000000 Z
-dependencies: []
-description: Archive::Tar::Minitar is a pure-Ruby library and command-line utility
-  that provides the ability to deal with POSIX tar(1) archive files. The implementation
-  is based heavily on Mauricio Ferna'ndez's implementation in rpa-base, but has been
-  reorganised to promote reuse in other projects. Antoine Toulme forked the original
-  project on rubyforge to place it on github, under http://www.github.com/atoulme/minitar
-email: antoine@lunar-ocean.com
-executables:
-- minitar
+date: 2017-02-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.9'
+- !ruby/object:Gem::Dependency
+  name: hoe-doofus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: hoe-gemspec2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: hoe-git
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: hoe-rubygems
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: hoe-travis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: minitest-autotest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '10.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '10.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '12'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.0'
+- !ruby/object:Gem::Dependency
+  name: hoe
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.16'
+description: |-
+  The minitar library is a pure-Ruby library that provides the ability to deal
+  with POSIX tar(1) archive files.
+
+  This is release 0.6, providing a number of bug fixes including a directory
+  traversal vulnerability, CVE-2016-10173. This release starts the migration and
+  modernization of the code:
+
+  *   the licence has been changed to match the modern Ruby licensing scheme
+      (Ruby and Simplified BSD instead of Ruby and GNU GPL);
+  *   the +minitar+ command-line program has been separated into the
+      +minitar-cli+ gem; and
+  *   the +archive-tar-minitar+ gem now points to the +minitar+ and +minitar-cli+
+      gems and discourages its installation.
+
+  Some of these changes may break existing programs that depend on the internal
+  structure of the minitar library, but every effort has been made to ensure
+  compatibility; inasmuch as is possible, this compatibility will be maintained
+  through the release of minitar 1.0 (which will have strong breaking changes).
+
+  minitar (previously called Archive::Tar::Minitar) is based heavily on code
+  originally written by Mauricio Julio Fernández Pradier for the rpa-base
+  project.
+email:
+- halostatue@gmail.com
+executables: []
 extensions: []
 extra_rdoc_files:
-- README
-- ChangeLog
-- Install
+- Code-of-Conduct.md
+- Contributing.md
+- History.md
+- Licence.md
+- Manifest.txt
+- README.rdoc
+- docs/bsdl.txt
+- docs/ruby.txt
 files:
-- bin/minitar
-- ChangeLog
-- Install
-- lib/archive/tar/minitar/command.rb
-- lib/archive/tar/minitar.rb
+- Code-of-Conduct.md
+- Contributing.md
+- History.md
+- Licence.md
+- Manifest.txt
+- README.rdoc
 - Rakefile
-- README
-- tests/tc_tar.rb
-- tests/testall.rb
-homepage: http://www.github.com/atoulme/minitar
-licenses: []
-post_install_message: 
+- docs/bsdl.txt
+- docs/ruby.txt
+- lib/archive-tar-minitar.rb
+- lib/archive/tar/minitar.rb
+- lib/archive/tar/minitar/input.rb
+- lib/archive/tar/minitar/output.rb
+- lib/archive/tar/minitar/posix_header.rb
+- lib/archive/tar/minitar/reader.rb
+- lib/archive/tar/minitar/writer.rb
+- lib/minitar.rb
+- test/minitest_helper.rb
+- test/support/tar_test_helpers.rb
+- test/test_tar_header.rb
+- test/test_tar_input.rb
+- test/test_tar_output.rb
+- test/test_tar_reader.rb
+- test/test_tar_writer.rb
+homepage: https://github.com/halostatue/minitar/
+licenses:
+- Ruby
+- BSD-2-Clause
+metadata: {}
+post_install_message: |
+  The `minitar` executable is no longer bundled with `minitar`. If you are
+  expecting this executable, make sure you also install `minitar-cli`.
 rdoc_options:
-- --title
-- Archive::Tar::MiniTar -- A POSIX tarchive library
-- --main
-- README
-- --line-numbers
+- "--main"
+- README.rdoc
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.8.2
+      version: '1.8'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 2.5.1
 signing_key: 
-specification_version: 3
-summary: Provides POSIX tarchive management from Ruby programs.
-test_files:
-- tests/testall.rb
+specification_version: 4
+summary: The minitar library is a pure-Ruby library that provides the ability to deal
+  with POSIX tar(1) archive files
+test_files: []