minitar 1.0.2 → 1.1.0

data/README.rdoc

@@ -1,92 +0,0 @@
-= minitar
-
-home :: https://github.com/halostatue/minitar/
-code :: https://github.com/halostatue/minitar/
-bugs :: https://github.com/halostatue/minitar/issues
-rdoc :: https://rdoc.info/gems/minitar/
-cli  :: https://github.com/halostatue/minitar-cli
-
-== Description
-
-The minitar library is a pure-Ruby library that provides the ability to deal
-with POSIX tar(1) archive files.
-
-This is release 0.12. This is likely the last revision before 1.0.
-
-minitar (previously called Archive::Tar::Minitar) is based heavily on code
-originally written by Mauricio Julio Fernández Pradier for the rpa-base
-project.
-
-== Synopsis
-
-Using minitar is easy. The simplest case is:
-
-  require 'minitar'
-
-  # Packs everything that matches Find.find('tests').
-  # test.tar will automatically be closed by Minitar.pack.
-  Minitar.pack('tests', File.open('test.tar', 'wb'))
-
-  # Unpacks 'test.tar' to 'x', creating 'x' if necessary.
-  Minitar.unpack('test.tar', 'x')
-
-A gzipped tar can be written with:
-
-  require 'zlib'
-  # test.tgz will be closed automatically.
-  Minitar.pack('tests', Zlib::GzipWriter.new(File.open('test.tgz', 'wb'))
-
-  # test.tgz will be closed automatically.
-  Minitar.unpack(Zlib::GzipReader.new(File.open('test.tgz', 'rb')), 'x')
-
-As the case above shows, one need not write to a file. However, it will
-sometimes require that one dive a little deeper into the API, as in the case of
-StringIO objects. Note that I'm not providing a block with Minitar::Output, as
-Minitar::Output#close automatically closes both the Output object and the
-wrapped data stream object.
-
-  begin
-    sgz = Zlib::GzipWriter.new(StringIO.new(String.new))
-    tar = Output.new(sgz)
-    Find.find('tests') do |entry|
-      Minitar.pack_file(entry, tar)
-    end
-  ensure
-      # Closes both tar and sgz.
-    tar.close
-  end
-
-== Minitar and Security
-
-Minitar aims to be secure by default for the data *inside* of a tarfile. If
-there are any security issues discovered, please feel free to open an issue.
-Should you wish to make a more confidential report, you can find my PGP key
-information at {Keybase}[https://keybase.io/halostatue]. Bear with me: I do not
-use PGP regularly, so it may take some time to remember the command invocations
-required to successfully handle this.
-
-Minitar does *not* perform validation of path names provided to the convenience
-calsses Minitar::Output and Minitar::Input, which use Kernel.open for their
-underlying implementations when not given an IO-like object.
-
-Improper use of these classes with arbitrary input filenames may leave your
-your software to the same class of vulnerability as reported for Net::FTP
-({CVE-2017-17405}[https://nvd.nist.gov/vuln/detail/CVE-2017-17405]). Of
-particular note, "if the localfile argument starts with the '|' pipe character,
-the command following the pipe character is executed."
-
-Additionally, the use of the `open-uri` library (which extends Kernel.open with
-transparent implementations of Net::HTTP, Net::HTTPS, and Net::FTP), there are
-other possible vulnerabilities when accepting arbitrary input, as
-{detailed}[https://sakurity.com/blog/2015/02/28/openuri.html] by Egor Homakov.
-
-These security vulnerabilities may be avoided, even with the Minitar::Output
-and Minitar::Input convenience classes, by providing IO-like objects instead of
-pathname-like objects as the source or destination of these classes.
-
-== minitar Semantic Versioning
-
-The minitar library uses a {Semantic Versioning}[http://semver.org/] scheme
-with one change:
-
-* When PATCH is zero (+0+), it will be omitted from version references.

data/test/support/tar_test_helpers.rb

@@ -1,134 +0,0 @@
-module TarTestHelpers
-  Field = Struct.new(:name, :offset, :length)
-  def self.Field(name, length)
-    # standard:disable ThreadSafety/InstanceVariableInClassMethod
-    @offset ||= 0
-    field = Field.new(name, @offset, length)
-    @offset += length
-    # standard:enable ThreadSafety/InstanceVariableInClassMethod
-
-    FIELDS[name] = field
-    FIELD_ORDER << name
-    field
-  end
-
-  private
-
-  FIELDS = {}
-  FIELD_ORDER = []
-
-  Field("name", 100)
-  Field("mode", 8)
-  Field("uid", 8)
-  Field("gid", 8)
-  Field("size", 12)
-  Field("mtime", 12)
-  Field("checksum", 8)
-  Field("typeflag", 1)
-  Field("linkname", 100)
-  Field("magic", 6)
-  Field("version", 2)
-  Field("uname", 32)
-  Field("gname", 32)
-  Field("devmajor", 8)
-  Field("devminor", 8)
-  Field("prefix", 155)
-
-  BLANK_CHECKSUM = " " * 8
-  NULL_100 = "\0" * 100
-  USTAR = "ustar\0"
-  DOUBLE_ZERO = "00"
-
-  def assert_headers_equal(expected, actual)
-    FIELD_ORDER.each do |field|
-      message = if field == "checksum"
-        "Header checksums are expected to match."
-      else
-        "Header field #{field} is expected to match."
-      end
-
-      offset = FIELDS[field].offset
-      length = FIELDS[field].length
-
-      assert_equal expected[offset, length], actual[offset, length], message
-    end
-  end
-
-  def assert_modes_equal(expected, actual, name)
-    return if Minitar.windows?
-
-    assert_equal(
-      mode_string(expected),
-      mode_string(actual),
-      "Mode for #{name} does not match"
-    )
-  end
-
-  def tar_file_header(fname, dname, mode, length)
-    update_checksum(header("0", fname, dname, length, mode))
-  end
-
-  def tar_dir_header(name, prefix, mode)
-    update_checksum(header("5", name, prefix, 0, mode))
-  end
-
-  def tar_symlink_header(name, prefix, mode, target)
-    update_checksum(header("2", name, prefix, 0, mode, target))
-  end
-
-  def header(type, fname, dname, length, mode, link_name = "")
-    raw_header(type,
-      asciiz(fname, 100),
-      asciiz(dname, 155),
-      z(to_oct(length, 11)),
-      z(to_oct(mode, 7)),
-      asciiz(link_name, 100))
-  end
-
-  def raw_header(type, fname, dname, length, mode, link_name = "")
-    arr = [
-      fname, mode, z(to_oct(nil, 7)), z(to_oct(nil, 7)),
-      length, z(to_oct(0, 11)), BLANK_CHECKSUM, type,
-      asciiz(link_name, 100), USTAR, DOUBLE_ZERO, asciiz("", 32), asciiz("", 32),
-      z(to_oct(nil, 7)), z(to_oct(nil, 7)), dname
-    ]
-
-    h = arr.join.bytes.to_a.pack("C100C8C8C8C12C12C8CC100C6C2C32C32C8C8C155")
-    ret = h + "\0" * (512 - h.bytesize)
-    assert_equal 512, ret.bytesize
-    ret
-  end
-
-  def update_checksum(header)
-    header[FIELDS["checksum"].offset, FIELDS["checksum"].length] =
-      # inject(:+) was introduced in which version?
-      sp(z(to_oct(header.unpack("C*").inject { |a, e| a + e }, 6)))
-    header
-  end
-
-  def to_oct(n, pad_size)
-    if n.nil?
-      "\0" * pad_size
-    else
-      "%0#{pad_size}o" % n
-    end
-  end
-
-  def asciiz(str, length)
-    str + "\0" * (length - str.bytesize)
-  end
-
-  def sp(s)
-    s + " "
-  end
-
-  def z(s)
-    s + "\0"
-  end
-
-  def mode_string(value)
-    "%04o" % (value & 0o777)
-  end
-
-  Minitest::Test.send(:include, self)
-end