rubyzip 0.9.9 → 1.3.0

data/test/file_extract_directory_test.rb

@@ -0,0 +1,54 @@
+require 'test_helper'
+
+class ZipFileExtractDirectoryTest < MiniTest::Test
+  include CommonZipFileFixture
+
+  TEST_OUT_NAME = 'test/data/generated/emptyOutDir'
+
+  def open_zip(&aProc)
+    assert(!aProc.nil?)
+    ::Zip::File.open(TestZipFile::TEST_ZIP4.zip_name, &aProc)
+  end
+
+  def extract_test_dir(&aProc)
+    open_zip do |zf|
+      zf.extract(TestFiles::EMPTY_TEST_DIR, TEST_OUT_NAME, &aProc)
+    end
+  end
+
+  def setup
+    super
+
+    Dir.rmdir(TEST_OUT_NAME) if File.directory? TEST_OUT_NAME
+    File.delete(TEST_OUT_NAME) if File.exist? TEST_OUT_NAME
+  end
+
+  def test_extract_directory
+    extract_test_dir
+    assert(File.directory?(TEST_OUT_NAME))
+  end
+
+  def test_extract_directory_exists_as_dir
+    Dir.mkdir TEST_OUT_NAME
+    extract_test_dir
+    assert(File.directory?(TEST_OUT_NAME))
+  end
+
+  def test_extract_directory_exists_as_file
+    File.open(TEST_OUT_NAME, 'w') { |f| f.puts 'something' }
+    assert_raises(::Zip::DestinationFileExistsError) { extract_test_dir }
+  end
+
+  def test_extract_directory_exists_as_file_overwrite
+    File.open(TEST_OUT_NAME, 'w') { |f| f.puts 'something' }
+    gotCalled = false
+    extract_test_dir do |entry, destPath|
+      gotCalled = true
+      assert_equal(TEST_OUT_NAME, destPath)
+      assert(entry.directory?)
+      true
+    end
+    assert(gotCalled)
+    assert(File.directory?(TEST_OUT_NAME))
+  end
+end

data/test/file_extract_test.rb

@@ -0,0 +1,145 @@
+require 'test_helper'
+
+class ZipFileExtractTest < MiniTest::Test
+  include CommonZipFileFixture
+  EXTRACTED_FILENAME = 'test/data/generated/extEntry'
+  ENTRY_TO_EXTRACT, *REMAINING_ENTRIES = TEST_ZIP.entry_names.reverse
+
+  def setup
+    super
+    ::File.delete(EXTRACTED_FILENAME) if ::File.exist?(EXTRACTED_FILENAME)
+  end
+
+  def teardown
+    ::Zip.reset!
+  end
+
+  def test_extract
+    ::Zip::File.open(TEST_ZIP.zip_name) do |zf|
+      zf.extract(ENTRY_TO_EXTRACT, EXTRACTED_FILENAME)
+
+      assert(File.exist?(EXTRACTED_FILENAME))
+      AssertEntry.assert_contents(EXTRACTED_FILENAME,
+                                  zf.get_input_stream(ENTRY_TO_EXTRACT) { |is| is.read })
+
+      ::File.unlink(EXTRACTED_FILENAME)
+
+      entry = zf.get_entry(ENTRY_TO_EXTRACT)
+      entry.extract(EXTRACTED_FILENAME)
+
+      assert(File.exist?(EXTRACTED_FILENAME))
+      AssertEntry.assert_contents(EXTRACTED_FILENAME,
+                                  entry.get_input_stream { |is| is.read })
+    end
+  end
+
+  def test_extract_exists
+    writtenText = 'written text'
+    ::File.open(EXTRACTED_FILENAME, 'w') { |f| f.write(writtenText) }
+
+    assert_raises(::Zip::DestinationFileExistsError) do
+      ::Zip::File.open(TEST_ZIP.zip_name) do |zf|
+        zf.extract(zf.entries.first, EXTRACTED_FILENAME)
+      end
+    end
+    File.open(EXTRACTED_FILENAME, 'r') do |f|
+      assert_equal(writtenText, f.read)
+    end
+  end
+
+  def test_extract_exists_overwrite
+    writtenText = 'written text'
+    ::File.open(EXTRACTED_FILENAME, 'w') { |f| f.write(writtenText) }
+
+    gotCalledCorrectly = false
+    ::Zip::File.open(TEST_ZIP.zip_name) do |zf|
+      zf.extract(zf.entries.first, EXTRACTED_FILENAME) do |entry, extractLoc|
+        gotCalledCorrectly = zf.entries.first == entry &&
+                             extractLoc == EXTRACTED_FILENAME
+        true
+      end
+    end
+
+    assert(gotCalledCorrectly)
+    ::File.open(EXTRACTED_FILENAME, 'r') do |f|
+      assert(writtenText != f.read)
+    end
+  end
+
+  def test_extract_non_entry
+    zf = ::Zip::File.new(TEST_ZIP.zip_name)
+    assert_raises(Errno::ENOENT) { zf.extract('nonExistingEntry', 'nonExistingEntry') }
+  ensure
+    zf.close if zf
+  end
+
+  def test_extract_non_entry_2
+    outFile = 'outfile'
+    assert_raises(Errno::ENOENT) do
+      zf = ::Zip::File.new(TEST_ZIP.zip_name)
+      nonEntry = 'hotdog-diddelidoo'
+      assert(!zf.entries.include?(nonEntry))
+      zf.extract(nonEntry, outFile)
+      zf.close
+    end
+    assert(!File.exist?(outFile))
+  end
+
+  def test_extract_incorrect_size
+    # The uncompressed size fields in the zip file cannot be trusted. This makes
+    # it harder for callers to validate the sizes of the files they are
+    # extracting, which can lead to denial of service. See also
+    # https://en.wikipedia.org/wiki/Zip_bomb
+    Dir.mktmpdir do |tmp|
+      real_zip = File.join(tmp, 'real.zip')
+      fake_zip = File.join(tmp, 'fake.zip')
+      file_name = 'a'
+      true_size = 500_000
+      fake_size = 1
+
+      ::Zip::File.open(real_zip, ::Zip::File::CREATE) do |zf|
+        zf.get_output_stream(file_name) do |os|
+          os.write 'a' * true_size
+        end
+      end
+
+      compressed_size = nil
+      ::Zip::File.open(real_zip) do |zf|
+        a_entry = zf.find_entry(file_name)
+        compressed_size = a_entry.compressed_size
+        assert_equal true_size, a_entry.size
+      end
+
+      true_size_bytes = [compressed_size, true_size, file_name.size].pack('LLS')
+      fake_size_bytes = [compressed_size, fake_size, file_name.size].pack('LLS')
+
+      data = File.binread(real_zip)
+      assert data.include?(true_size_bytes)
+      data.gsub! true_size_bytes, fake_size_bytes
+
+      File.open(fake_zip, 'wb') do |file|
+        file.write data
+      end
+
+      Dir.chdir tmp do
+        ::Zip::File.open(fake_zip) do |zf|
+          a_entry = zf.find_entry(file_name)
+          assert_equal fake_size, a_entry.size
+
+          ::Zip.validate_entry_sizes = false
+          a_entry.extract
+          assert_equal true_size, File.size(file_name)
+          FileUtils.rm file_name
+
+          ::Zip.validate_entry_sizes = true
+          error = assert_raises ::Zip::EntrySizeError do
+            a_entry.extract
+          end
+          assert_equal \
+            'Entry a should be 1B but is larger when inflated',
+            error.message
+        end
+      end
+    end
+  end
+end

data/test/file_permissions_test.rb

@@ -0,0 +1,65 @@
+require 'test_helper'
+
+class FilePermissionsTest < MiniTest::Test
+  ZIPNAME = File.join(File.dirname(__FILE__), 'umask.zip')
+  FILENAME = File.join(File.dirname(__FILE__), 'umask.txt')
+
+  def teardown
+    ::File.unlink(ZIPNAME)
+    ::File.unlink(FILENAME)
+  end
+
+  def test_current_umask
+    create_files
+    assert_matching_permissions FILENAME, ZIPNAME
+  end
+
+  def test_umask_000
+    set_umask(0o000) do
+      create_files
+    end
+
+    assert_matching_permissions FILENAME, ZIPNAME
+  end
+
+  def test_umask_066
+    set_umask(0o066) do
+      create_files
+    end
+
+    assert_matching_permissions FILENAME, ZIPNAME
+  end
+
+  def test_umask_027
+    set_umask(0o027) do
+      create_files
+    end
+
+    assert_matching_permissions FILENAME, ZIPNAME
+  end
+
+  def assert_matching_permissions(expected_file, actual_file)
+    assert_equal(
+      ::File.stat(expected_file).mode.to_s(8).rjust(4, '0'),
+      ::File.stat(actual_file).mode.to_s(8).rjust(4, '0')
+    )
+  end
+
+  def create_files
+    ::Zip::File.open(ZIPNAME, ::Zip::File::CREATE) do |zip|
+      zip.comment = 'test'
+    end
+
+    ::File.open(FILENAME, 'w') do |file|
+      file << 'test'
+    end
+  end
+
+  # If anything goes wrong, make sure the umask is restored.
+  def set_umask(umask)
+    saved_umask = ::File.umask(umask)
+    yield
+  ensure
+    ::File.umask(saved_umask)
+  end
+end

data/test/file_split_test.rb

@@ -0,0 +1,57 @@
+require 'test_helper'
+
+class ZipFileSplitTest < MiniTest::Test
+  TEST_ZIP = TestZipFile::TEST_ZIP2.clone
+  TEST_ZIP.zip_name = 'large_zip_file.zip'
+  EXTRACTED_FILENAME = 'test/data/generated/extEntrySplit'
+  UNSPLITTED_FILENAME = 'test/data/generated/unsplitted.zip'
+  ENTRY_TO_EXTRACT = TEST_ZIP.entry_names.first
+
+  def setup
+    FileUtils.cp(TestZipFile::TEST_ZIP2.zip_name, TEST_ZIP.zip_name)
+  end
+
+  def teardown
+    File.delete(TEST_ZIP.zip_name)
+    File.delete(UNSPLITTED_FILENAME) if File.exist?(UNSPLITTED_FILENAME)
+
+    Dir["#{TEST_ZIP.zip_name}.*"].each do |zip_file_name|
+      File.delete(zip_file_name) if File.exist?(zip_file_name)
+    end
+  end
+
+  def test_split_method_respond
+    assert_respond_to ::Zip::File, :split, 'Does not have split class method'
+  end
+
+  def test_split
+    result = ::Zip::File.split(TEST_ZIP.zip_name, 65_536, false)
+
+    return if result.nil?
+    Dir["#{TEST_ZIP.zip_name}.*"].sort.each_with_index do |zip_file_name, index|
+      File.open(zip_file_name, 'rb') do |zip_file|
+        zip_file.read([::Zip::File::SPLIT_SIGNATURE].pack('V').size) if index == 0
+        File.open(UNSPLITTED_FILENAME, 'ab') do |file|
+          file << zip_file.read
+        end
+      end
+    end
+
+    ::Zip::File.open(UNSPLITTED_FILENAME) do |zf|
+      zf.extract(ENTRY_TO_EXTRACT, EXTRACTED_FILENAME)
+
+      assert(File.exist?(EXTRACTED_FILENAME))
+      AssertEntry.assert_contents(EXTRACTED_FILENAME,
+                                  zf.get_input_stream(ENTRY_TO_EXTRACT) { |is| is.read })
+
+      File.unlink(EXTRACTED_FILENAME)
+
+      entry = zf.get_entry(ENTRY_TO_EXTRACT)
+      entry.extract(EXTRACTED_FILENAME)
+
+      assert(File.exist?(EXTRACTED_FILENAME))
+      AssertEntry.assert_contents(EXTRACTED_FILENAME,
+                                  entry.get_input_stream { |is| is.read })
+    end
+  end
+end