minitar 0.5.4 → 0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,190 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require 'minitar'
4
+ require 'minitest_helper'
5
+
6
+ class TestTarWriter < Minitest::Test
7
+ class DummyIO
8
+ attr_reader :data
9
+
10
+ def initialize
11
+ @data = ''
12
+ end
13
+
14
+ def write(dat)
15
+ data << dat
16
+ dat.size
17
+ end
18
+
19
+ def reset
20
+ @data = ''
21
+ end
22
+ end
23
+
24
+ def setup
25
+ @data = 'a' * 10
26
+ @dummyos = DummyIO.new
27
+ @os = Minitar::Writer.new(@dummyos)
28
+ end
29
+
30
+ def teardown
31
+ @os.close
32
+ end
33
+
34
+ def test_add_file_simple
35
+ @dummyos.reset
36
+
37
+ Minitar::Writer.open(@dummyos) do |os|
38
+ os.add_file_simple('lib/foo/bar', :mode => 0o644, :size => 10) do |f|
39
+ f.write 'a' * 10
40
+ end
41
+ os.add_file_simple('lib/bar/baz', :mode => 0o644, :size => 100) do |f|
42
+ f.write 'fillme'
43
+ end
44
+ end
45
+
46
+ assert_headers_equal(tar_file_header('lib/foo/bar', '', 0o644, 10),
47
+ @dummyos.data[0, 512])
48
+ assert_equal('a' * 10 + "\0" * 502, @dummyos.data[512, 512])
49
+ assert_headers_equal(tar_file_header('lib/bar/baz', '', 0o644, 100),
50
+ @dummyos.data[512 * 2, 512])
51
+ assert_equal('fillme' + "\0" * 506, @dummyos.data[512 * 3, 512])
52
+ assert_equal("\0" * 512, @dummyos.data[512 * 4, 512])
53
+ assert_equal("\0" * 512, @dummyos.data[512 * 5, 512])
54
+ end
55
+
56
+ def test_write_operations_fail_after_closed
57
+ @dummyos.reset
58
+ @os.add_file_simple('sadd', :mode => 0o644, :size => 20) { |f| }
59
+ @os.close
60
+ assert_raises(Minitar::ClosedStream) { @os.flush }
61
+ assert_raises(Minitar::ClosedStream) {
62
+ @os.add_file('dfdsf', :mode => 0o644) {}
63
+ }
64
+ assert_raises(Minitar::ClosedStream) { @os.mkdir 'sdfdsf', :mode => 0o644 }
65
+ end
66
+
67
+ def test_file_name_is_split_correctly
68
+ # test insane file lengths, and: a{100}/b{155}, etc
69
+ @dummyos.reset
70
+ names = [
71
+ "#{'a' * 155}/#{'b' * 100}",
72
+ "#{'a' * 151}/#{'qwer/' * 19}bla",
73
+ "/#{'a' * 49}/#{'b' * 50}",
74
+ "#{'a' * 49}/#{'b' * 50}x",
75
+ "#{'a' * 49}x/#{'b' * 50}"
76
+ ]
77
+ o_names = [
78
+ 'b' * 100,
79
+ "#{'qwer/' * 19}bla",
80
+ 'b' * 50,
81
+ "#{'b' * 50}x",
82
+ 'b' * 50
83
+ ]
84
+ o_prefixes = [
85
+ 'a' * 155,
86
+ 'a' * 151,
87
+ "/#{'a' * 49}",
88
+ 'a' * 49,
89
+ "#{'a' * 49}x"
90
+ ]
91
+ names.each do |name|
92
+ @os.add_file_simple(name, :mode => 0o644, :size => 10) {}
93
+ end
94
+ names.each_index do |i|
95
+ assert_headers_equal(
96
+ tar_file_header(o_names[i], o_prefixes[i], 0o644, 10),
97
+ @dummyos.data[2 * i * 512, 512]
98
+ )
99
+ end
100
+ assert_raises(Minitar::FileNameTooLong) do
101
+ @os.add_file_simple(File.join('a' * 152, 'b' * 10, 'a' * 92),
102
+ :mode => 0o644, :size => 10) {}
103
+ end
104
+ assert_raises(Minitar::FileNameTooLong) do
105
+ @os.add_file_simple(File.join('a' * 162, 'b' * 10),
106
+ :mode => 0o644, :size => 10) {}
107
+ end
108
+ assert_raises(Minitar::FileNameTooLong) do
109
+ @os.add_file_simple(File.join('a' * 10, 'b' * 110),
110
+ :mode => 0o644, :size => 10) {}
111
+ end
112
+ # Issue #6.
113
+ assert_raises(Minitar::FileNameTooLong) do
114
+ @os.add_file_simple('a' * 114, :mode => 0o644, :size => 10) {}
115
+ end
116
+ end
117
+
118
+ def test_add_file
119
+ dummyos = StringIO.new
120
+ def dummyos.method_missing(meth, *a) # rubocop:disable Style/MethodMissing
121
+ string.send(meth, *a)
122
+ end
123
+ content1 = ('a'..'z').to_a.join('') # 26
124
+ content2 = ('aa'..'zz').to_a.join('') # 1352
125
+ Minitar::Writer.open(dummyos) do |os|
126
+ os.add_file('lib/foo/bar', :mode => 0o644) { |f, _opts| f.write 'a' * 10 }
127
+ os.add_file('lib/bar/baz', :mode => 0o644) { |f, _opts| f.write content1 }
128
+ os.add_file('lib/bar/baz', :mode => 0o644) { |f, _opts| f.write content2 }
129
+ os.add_file('lib/bar/baz', :mode => 0o644) { |_f, _opts| }
130
+ end
131
+ assert_headers_equal(tar_file_header('lib/foo/bar', '', 0o644, 10),
132
+ dummyos[0, 512])
133
+ assert_equal(%Q(#{'a' * 10}#{"\0" * 502}), dummyos[512, 512])
134
+ offset = 512 * 2
135
+ [content1, content2, ''].each do |data|
136
+ assert_headers_equal(tar_file_header('lib/bar/baz', '', 0o644,
137
+ data.size), dummyos[offset, 512])
138
+ offset += 512
139
+ until !data || data == ''
140
+ chunk = data[0, 512]
141
+ data[0, 512] = ''
142
+ assert_equal(chunk + "\0" * (512 - chunk.size),
143
+ dummyos[offset, 512])
144
+ offset += 512
145
+ end
146
+ end
147
+ assert_equal("\0" * 1024, dummyos[offset, 1024])
148
+ end
149
+
150
+ def test_add_file_tests_seekability
151
+ assert_raises(Archive::Tar::Minitar::NonSeekableStream) do
152
+ @os.add_file('libdfdsfd', :mode => 0o644) { |f| }
153
+ end
154
+ end
155
+
156
+ def test_write_header
157
+ @dummyos.reset
158
+ @os.add_file_simple('lib/foo/bar', :mode => 0o644, :size => 0) {}
159
+ @os.flush
160
+ assert_headers_equal(tar_file_header('lib/foo/bar', '', 0o644, 0),
161
+ @dummyos.data[0, 512])
162
+ @dummyos.reset
163
+ @os.mkdir('lib/foo', :mode => 0o644)
164
+ assert_headers_equal(tar_dir_header('lib/foo', '', 0o644),
165
+ @dummyos.data[0, 512])
166
+ @os.mkdir('lib/bar', :mode => 0o644)
167
+ assert_headers_equal(tar_dir_header('lib/bar', '', 0o644),
168
+ @dummyos.data[512 * 1, 512])
169
+ end
170
+
171
+ def test_write_data
172
+ @dummyos.reset
173
+ @os.add_file_simple('lib/foo/bar', :mode => 0o644, :size => 10) do |f|
174
+ f.write @data
175
+ end
176
+ @os.flush
177
+ assert_equal(@data + ("\0" * (512 - @data.size)),
178
+ @dummyos.data[512, 512])
179
+ end
180
+
181
+ def test_file_size_is_checked
182
+ @dummyos.reset
183
+ assert_raises(Minitar::Writer::WriteBoundaryOverflow) do
184
+ @os.add_file_simple('lib/foo/bar', :mode => 0o644, :size => 10) do |f|
185
+ f.write '1' * 100
186
+ end
187
+ end
188
+ @os.add_file_simple('lib/foo/bar', :mode => 0o644, :size => 10) { |f| }
189
+ end
190
+ end
metadata CHANGED
@@ -1,67 +1,256 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: minitar
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.4
5
- prerelease:
4
+ version: '0.6'
6
5
  platform: ruby
7
6
  authors:
8
- - Austin Ziegler, Mauricio Fernandez, Antoine Toulme
9
- autorequire: archive/tar/minitar
7
+ - Austin Ziegler
8
+ autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2012-11-14 00:00:00.000000000 Z
13
- dependencies: []
14
- description: Archive::Tar::Minitar is a pure-Ruby library and command-line utility
15
- that provides the ability to deal with POSIX tar(1) archive files. The implementation
16
- is based heavily on Mauricio Ferna'ndez's implementation in rpa-base, but has been
17
- reorganised to promote reuse in other projects. Antoine Toulme forked the original
18
- project on rubyforge to place it on github, under http://www.github.com/atoulme/minitar
19
- email: antoine@lunar-ocean.com
20
- executables:
21
- - minitar
11
+ date: 2017-02-07 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: minitest
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '5.9'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '5.9'
27
+ - !ruby/object:Gem::Dependency
28
+ name: hoe-doofus
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: hoe-gemspec2
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '1.1'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '1.1'
55
+ - !ruby/object:Gem::Dependency
56
+ name: hoe-git
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '1.6'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '1.6'
69
+ - !ruby/object:Gem::Dependency
70
+ name: hoe-rubygems
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '1.0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '1.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: hoe-travis
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '1.2'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '1.2'
97
+ - !ruby/object:Gem::Dependency
98
+ name: minitest-autotest
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '1.0'
104
+ - - "<"
105
+ - !ruby/object:Gem::Version
106
+ version: '2'
107
+ type: :development
108
+ prerelease: false
109
+ version_requirements: !ruby/object:Gem::Requirement
110
+ requirements:
111
+ - - ">="
112
+ - !ruby/object:Gem::Version
113
+ version: '1.0'
114
+ - - "<"
115
+ - !ruby/object:Gem::Version
116
+ version: '2'
117
+ - !ruby/object:Gem::Dependency
118
+ name: rake
119
+ requirement: !ruby/object:Gem::Requirement
120
+ requirements:
121
+ - - ">="
122
+ - !ruby/object:Gem::Version
123
+ version: '10.0'
124
+ - - "<"
125
+ - !ruby/object:Gem::Version
126
+ version: '12'
127
+ type: :development
128
+ prerelease: false
129
+ version_requirements: !ruby/object:Gem::Requirement
130
+ requirements:
131
+ - - ">="
132
+ - !ruby/object:Gem::Version
133
+ version: '10.0'
134
+ - - "<"
135
+ - !ruby/object:Gem::Version
136
+ version: '12'
137
+ - !ruby/object:Gem::Dependency
138
+ name: rdoc
139
+ requirement: !ruby/object:Gem::Requirement
140
+ requirements:
141
+ - - ">="
142
+ - !ruby/object:Gem::Version
143
+ version: '0.0'
144
+ type: :development
145
+ prerelease: false
146
+ version_requirements: !ruby/object:Gem::Requirement
147
+ requirements:
148
+ - - ">="
149
+ - !ruby/object:Gem::Version
150
+ version: '0.0'
151
+ - !ruby/object:Gem::Dependency
152
+ name: hoe
153
+ requirement: !ruby/object:Gem::Requirement
154
+ requirements:
155
+ - - "~>"
156
+ - !ruby/object:Gem::Version
157
+ version: '3.16'
158
+ type: :development
159
+ prerelease: false
160
+ version_requirements: !ruby/object:Gem::Requirement
161
+ requirements:
162
+ - - "~>"
163
+ - !ruby/object:Gem::Version
164
+ version: '3.16'
165
+ description: |-
166
+ The minitar library is a pure-Ruby library that provides the ability to deal
167
+ with POSIX tar(1) archive files.
168
+
169
+ This is release 0.6, providing a number of bug fixes including a directory
170
+ traversal vulnerability, CVE-2016-10173. This release starts the migration and
171
+ modernization of the code:
172
+
173
+ * the licence has been changed to match the modern Ruby licensing scheme
174
+ (Ruby and Simplified BSD instead of Ruby and GNU GPL);
175
+ * the +minitar+ command-line program has been separated into the
176
+ +minitar-cli+ gem; and
177
+ * the +archive-tar-minitar+ gem now points to the +minitar+ and +minitar-cli+
178
+ gems and discourages its installation.
179
+
180
+ Some of these changes may break existing programs that depend on the internal
181
+ structure of the minitar library, but every effort has been made to ensure
182
+ compatibility; inasmuch as is possible, this compatibility will be maintained
183
+ through the release of minitar 1.0 (which will have strong breaking changes).
184
+
185
+ minitar (previously called Archive::Tar::Minitar) is based heavily on code
186
+ originally written by Mauricio Julio Fernández Pradier for the rpa-base
187
+ project.
188
+ email:
189
+ - halostatue@gmail.com
190
+ executables: []
22
191
  extensions: []
23
192
  extra_rdoc_files:
24
- - README
25
- - ChangeLog
26
- - Install
193
+ - Code-of-Conduct.md
194
+ - Contributing.md
195
+ - History.md
196
+ - Licence.md
197
+ - Manifest.txt
198
+ - README.rdoc
199
+ - docs/bsdl.txt
200
+ - docs/ruby.txt
27
201
  files:
28
- - bin/minitar
29
- - ChangeLog
30
- - Install
31
- - lib/archive/tar/minitar/command.rb
32
- - lib/archive/tar/minitar.rb
202
+ - Code-of-Conduct.md
203
+ - Contributing.md
204
+ - History.md
205
+ - Licence.md
206
+ - Manifest.txt
207
+ - README.rdoc
33
208
  - Rakefile
34
- - README
35
- - tests/tc_tar.rb
36
- - tests/testall.rb
37
- homepage: http://www.github.com/atoulme/minitar
38
- licenses: []
39
- post_install_message:
209
+ - docs/bsdl.txt
210
+ - docs/ruby.txt
211
+ - lib/archive-tar-minitar.rb
212
+ - lib/archive/tar/minitar.rb
213
+ - lib/archive/tar/minitar/input.rb
214
+ - lib/archive/tar/minitar/output.rb
215
+ - lib/archive/tar/minitar/posix_header.rb
216
+ - lib/archive/tar/minitar/reader.rb
217
+ - lib/archive/tar/minitar/writer.rb
218
+ - lib/minitar.rb
219
+ - test/minitest_helper.rb
220
+ - test/support/tar_test_helpers.rb
221
+ - test/test_tar_header.rb
222
+ - test/test_tar_input.rb
223
+ - test/test_tar_output.rb
224
+ - test/test_tar_reader.rb
225
+ - test/test_tar_writer.rb
226
+ homepage: https://github.com/halostatue/minitar/
227
+ licenses:
228
+ - Ruby
229
+ - BSD-2-Clause
230
+ metadata: {}
231
+ post_install_message: |
232
+ The `minitar` executable is no longer bundled with `minitar`. If you are
233
+ expecting this executable, make sure you also install `minitar-cli`.
40
234
  rdoc_options:
41
- - --title
42
- - Archive::Tar::MiniTar -- A POSIX tarchive library
43
- - --main
44
- - README
45
- - --line-numbers
235
+ - "--main"
236
+ - README.rdoc
46
237
  require_paths:
47
238
  - lib
48
239
  required_ruby_version: !ruby/object:Gem::Requirement
49
- none: false
50
240
  requirements:
51
- - - ! '>='
241
+ - - ">="
52
242
  - !ruby/object:Gem::Version
53
- version: 1.8.2
243
+ version: '1.8'
54
244
  required_rubygems_version: !ruby/object:Gem::Requirement
55
- none: false
56
245
  requirements:
57
- - - ! '>='
246
+ - - ">="
58
247
  - !ruby/object:Gem::Version
59
248
  version: '0'
60
249
  requirements: []
61
250
  rubyforge_project:
62
- rubygems_version: 1.8.24
251
+ rubygems_version: 2.5.1
63
252
  signing_key:
64
- specification_version: 3
65
- summary: Provides POSIX tarchive management from Ruby programs.
66
- test_files:
67
- - tests/testall.rb
253
+ specification_version: 4
254
+ summary: The minitar library is a pure-Ruby library that provides the ability to deal
255
+ with POSIX tar(1) archive files
256
+ test_files: []