rubyzip 1.1.7 → 2.3.2

data/lib/zip/entry.rb

@@ -1,3 +1,4 @@
+require 'pathname'
 module Zip
   class Entry
     STORED   = 0
@@ -7,6 +8,7 @@ module Zip
 
     attr_accessor :comment, :compressed_size, :crc, :extra, :compression_method,
                   :name, :size, :local_header_offset, :zipfile, :fstype, :external_file_attributes,
+                  :internal_file_attributes,
                   :gp_flags, :header_signature, :follow_symlinks,
                   :restore_times, :restore_permissions, :restore_ownership,
                   :unix_uid, :unix_gid, :unix_perms,
@@ -32,22 +34,22 @@ module Zip
       end
       @follow_symlinks = false
 
-      @restore_times       = true
+      @restore_times       = false
       @restore_permissions = false
       @restore_ownership   = false
       # BUG: need an extra field to support uid/gid's
       @unix_uid            = nil
       @unix_gid            = nil
       @unix_perms          = nil
-      #@posix_acl = nil
-      #@ntfs_acl = nil
+      # @posix_acl = nil
+      # @ntfs_acl = nil
       @dirty               = false
     end
 
     def check_name(name)
-      if name.start_with?('/')
-        raise ::Zip::EntryNameError, "Illegal ZipEntry name '#{name}', name must not start with /"
-      end
+      return unless name.start_with?('/')
+
+      raise ::Zip::EntryNameError, "Illegal ZipEntry name '#{name}', name must not start with /"
     end
 
     def initialize(*args)
@@ -68,7 +70,15 @@ module Zip
       @time               = args[8] || ::Zip::DOSTime.now
 
       @ftype = name_is_directory? ? :directory : :file
-      @extra = ::Zip::ExtraField.new(@extra.to_s) unless ::Zip::ExtraField === @extra
+      @extra = ::Zip::ExtraField.new(@extra.to_s) unless @extra.kind_of?(::Zip::ExtraField)
+    end
+
+    def encrypted?
+      gp_flags & 1 == 1
+    end
+
+    def incomplete?
+      gp_flags & 8 == 8
     end
 
     def time
@@ -83,23 +93,24 @@ module Zip
       end
     end
 
-    alias :mtime :time
+    alias mtime time
 
     def time=(value)
       unless @extra.member?('UniversalTime') || @extra.member?('NTFS')
         @extra.create('UniversalTime')
       end
       (@extra['UniversalTime'] || @extra['NTFS']).mtime = value
-      @time                         = value
+      @time = value
     end
 
     def file_type_is?(type)
-      raise InternalError, "current filetype is unknown: #{self.inspect}" unless @ftype
+      raise InternalError, "current filetype is unknown: #{inspect}" unless @ftype
+
       @ftype == type
     end
 
     # Dynamic checkers
-    %w(directory file symlink).each do |k|
+    %w[directory file symlink].each do |k|
       define_method "#{k}?" do
         file_type_is?(k.to_sym)
       end
@@ -109,6 +120,18 @@ module Zip
       @name.end_with?('/')
     end
 
+    # Is the name a relative path, free of `..` patterns that could lead to
+    # path traversal attacks? This does NOT handle symlinks; if the path
+    # contains symlinks, this check is NOT enough to guarantee safety.
+    def name_safe?
+      cleanpath = Pathname.new(@name).cleanpath
+      return false unless cleanpath.relative?
+
+      root = ::File::SEPARATOR
+      naive_expanded_path = ::File.join(root, cleanpath.to_s)
+      ::File.absolute_path(cleanpath.to_s, root) == naive_expanded_path
+    end
+
     def local_entry_offset #:nodoc:all
       local_header_offset + @local_header_size
     end
@@ -133,6 +156,7 @@ module Zip
     # that we didn't change the header size (and thus clobber file data or something)
     def verify_local_header_size!
       return if @local_header_size.nil?
+
       new_size = calculate_local_header_size
       raise Error, "local header size changed (#{@local_header_size} -> #{new_size})" if @local_header_size != new_size
     end
@@ -143,19 +167,24 @@ module Zip
     end
 
     def next_header_offset #:nodoc:all
-      local_entry_offset + self.compressed_size + data_descriptor_size
+      local_entry_offset + compressed_size + data_descriptor_size
     end
 
     # Extracts entry to file dest_path (defaults to @name).
-    def extract(dest_path = @name, &block)
+    # NB: The caller is responsible for making sure dest_path is safe, if it
+    # is passed.
+    def extract(dest_path = nil, &block)
+      if dest_path.nil? && !name_safe?
+        warn "WARNING: skipped '#{@name}' as unsafe."
+        return self
+      end
+
+      dest_path ||= @name
       block ||= proc { ::Zip.on_exists_proc }
 
-      if directory? || file? || symlink?
-        self.__send__("create_#{@ftype}", dest_path, &block)
-      else
-        raise RuntimeError, "unknown file type #{self.inspect}"
-      end
+      raise "unknown file type #{inspect}" unless directory? || file? || symlink?
 
+      __send__("create_#{@ftype}", dest_path, &block)
       self
     end
 
@@ -163,27 +192,25 @@ module Zip
       @name
     end
 
-    protected
-
     class << self
       def read_zip_short(io) # :nodoc:
-        io.read(2).unpack('v')[0]
+        io.read(2).unpack1('v')
       end
 
       def read_zip_long(io) # :nodoc:
-        io.read(4).unpack('V')[0]
+        io.read(4).unpack1('V')
       end
 
       def read_zip_64_long(io) # :nodoc:
-        io.read(8).unpack('Q<')[0]
+        io.read(8).unpack1('Q<')
       end
 
       def read_c_dir_entry(io) #:nodoc:all
-        path = if io.is_a?(::IO)
-              io.path
-             else
-               io
-             end
+        path = if io.respond_to?(:path)
+                 io.path
+               else
+                 io
+               end
         entry = new(path)
         entry.read_c_dir_entry(io)
         entry
@@ -192,17 +219,14 @@ module Zip
       end
 
       def read_local_entry(io)
-        entry = self.new(io)
+        entry = new(io)
         entry.read_local_entry(io)
         entry
       rescue Error
         nil
       end
-
     end
 
-    public
-
     def unpack_local_entry(buf)
       @header_signature,
         @version,
@@ -221,10 +245,10 @@ module Zip
     def read_local_entry(io) #:nodoc:all
       @local_header_offset = io.tell
 
-      static_sized_fields_buf = io.read(::Zip::LOCAL_ENTRY_STATIC_HEADER_LENGTH)
+      static_sized_fields_buf = io.read(::Zip::LOCAL_ENTRY_STATIC_HEADER_LENGTH) || ''
 
       unless static_sized_fields_buf.bytesize == ::Zip::LOCAL_ENTRY_STATIC_HEADER_LENGTH
-        raise Error, "Premature end of file. Not enough data for zip entry local header"
+        raise Error, 'Premature end of file. Not enough data for zip entry local header'
       end
 
       unpack_local_entry(static_sized_fields_buf)
@@ -232,22 +256,27 @@ module Zip
       unless @header_signature == ::Zip::LOCAL_ENTRY_SIGNATURE
         raise ::Zip::Error, "Zip local header magic not found at location '#{local_header_offset}'"
       end
+
       set_time(@last_mod_date, @last_mod_time)
 
       @name = io.read(@name_length)
       extra = io.read(@extra_length)
 
-      @name.gsub!('\\', '/')
+      @name.tr!('\\', '/')
+      if ::Zip.force_entry_names_encoding
+        @name.force_encoding(::Zip.force_entry_names_encoding)
+      end
 
       if extra && extra.bytesize != @extra_length
-        raise ::Zip::Error, "Truncated local zip entry header"
+        raise ::Zip::Error, 'Truncated local zip entry header'
+      end
+
+      if @extra.kind_of?(::Zip::ExtraField)
+        @extra.merge(extra) if extra
       else
-        if ::Zip::ExtraField === @extra
-          @extra.merge(extra)
-        else
-          @extra = ::Zip::ExtraField.new(extra)
-        end
+        @extra = ::Zip::ExtraField.new(extra)
       end
+
       parse_zip64_extra(true)
       @local_header_size = calculate_local_header_size
     end
@@ -256,13 +285,13 @@ module Zip
       zip64 = @extra['Zip64']
       [::Zip::LOCAL_ENTRY_SIGNATURE,
        @version_needed_to_extract, # version needed to extract
-       @gp_flags, # @gp_flags                  ,
+       @gp_flags, # @gp_flags
        @compression_method,
-       @time.to_binary_dos_time, # @last_mod_time              ,
-       @time.to_binary_dos_date, # @last_mod_date              ,
+       @time.to_binary_dos_time, # @last_mod_time
+       @time.to_binary_dos_date, # @last_mod_date
        @crc,
-       (zip64 && zip64.compressed_size) ? 0xFFFFFFFF : @compressed_size,
-       (zip64 && zip64.original_size) ? 0xFFFFFFFF : @size,
+       zip64 && zip64.compressed_size ? 0xFFFFFFFF : @compressed_size,
+       zip64 && zip64.original_size ? 0xFFFFFFFF : @size,
        name_size,
        @extra ? @extra.local_size : 0].pack('VvvvvvVVVvv')
     end
@@ -306,7 +335,7 @@ module Zip
     def set_ftype_from_c_dir_entry
       @ftype = case @fstype
                when ::Zip::FSTYPE_UNIX
-                 @unix_perms = (@external_file_attributes >> 16) & 07777
+                 @unix_perms = (@external_file_attributes >> 16) & 0o7777
                  case (@external_file_attributes >> 28)
                  when ::Zip::FILE_TYPE_DIR
                    :directory
@@ -315,8 +344,8 @@ module Zip
                  when ::Zip::FILE_TYPE_SYMLINK
                    :symlink
                  else
-                   #best case guess for whether it is a file or not
-                   #Otherwise this would be set to unknown and that entry would never be able to extracted
+                   # best case guess for whether it is a file or not
+                   # Otherwise this would be set to unknown and that entry would never be able to extracted
                    if name_is_directory?
                      :directory
                    else
@@ -333,25 +362,25 @@ module Zip
     end
 
     def check_c_dir_entry_static_header_length(buf)
-      unless buf.bytesize == ::Zip::CDIR_ENTRY_STATIC_HEADER_LENGTH
-        raise Error, 'Premature end of file. Not enough data for zip cdir entry header'
-      end
+      return if buf.bytesize == ::Zip::CDIR_ENTRY_STATIC_HEADER_LENGTH
+
+      raise Error, 'Premature end of file. Not enough data for zip cdir entry header'
     end
 
     def check_c_dir_entry_signature
-      unless header_signature == ::Zip::CENTRAL_DIRECTORY_ENTRY_SIGNATURE
-        raise Error, "Zip local header magic not found at location '#{local_header_offset}'"
-      end
+      return if header_signature == ::Zip::CENTRAL_DIRECTORY_ENTRY_SIGNATURE
+
+      raise Error, "Zip local header magic not found at location '#{local_header_offset}'"
     end
 
     def check_c_dir_entry_comment_size
-      unless @comment && @comment.bytesize == @comment_length
-        raise ::Zip::Error, "Truncated cdir zip entry header"
-      end
+      return if @comment && @comment.bytesize == @comment_length
+
+      raise ::Zip::Error, 'Truncated cdir zip entry header'
     end
 
     def read_c_dir_extra_field(io)
-      if @extra.is_a?(::Zip::ExtraField)
+      if @extra.kind_of?(::Zip::ExtraField)
         @extra.merge(io.read(@extra_length))
       else
         @extra = ::Zip::ExtraField.new(io.read(@extra_length))
@@ -364,7 +393,10 @@ module Zip
       unpack_c_dir_entry(static_sized_fields_buf)
       check_c_dir_entry_signature
       set_time(@last_mod_date, @last_mod_time)
-      @name = io.read(@name_length).tr('\\', '/')
+      @name = io.read(@name_length)
+      if ::Zip.force_entry_names_encoding
+        @name.force_encoding(::Zip.force_entry_names_encoding)
+      end
       read_c_dir_extra_field(io)
       @comment = io.read(@comment_length)
       check_c_dir_entry_comment_size
@@ -374,37 +406,41 @@ module Zip
 
     def file_stat(path) # :nodoc:
       if @follow_symlinks
-        ::File::stat(path)
+        ::File.stat(path)
       else
-        ::File::lstat(path)
+        ::File.lstat(path)
       end
     end
 
     def get_extra_attributes_from_path(path) # :nodoc:
-      unless Zip::RUNNING_ON_WINDOWS
-        stat        = file_stat(path)
-        @unix_uid   = stat.uid
-        @unix_gid   = stat.gid
-        @unix_perms = stat.mode & 07777
-      end
+      return if Zip::RUNNING_ON_WINDOWS
+
+      stat        = file_stat(path)
+      @unix_uid   = stat.uid
+      @unix_gid   = stat.gid
+      @unix_perms = stat.mode & 0o7777
+      @time = ::Zip::DOSTime.from_time(stat.mtime)
     end
 
-    def set_unix_permissions_on_path(dest_path)
-      # BUG: does not update timestamps into account
+    def set_unix_attributes_on_path(dest_path)
       # ignore setuid/setgid bits by default.  honor if @restore_ownership
-      unix_perms_mask = 01777
-      unix_perms_mask = 07777 if @restore_ownership
+      unix_perms_mask = 0o1777
+      unix_perms_mask = 0o7777 if @restore_ownership
       ::FileUtils.chmod(@unix_perms & unix_perms_mask, dest_path) if @restore_permissions && @unix_perms
       ::FileUtils.chown(@unix_uid, @unix_gid, dest_path) if @restore_ownership && @unix_uid && @unix_gid && ::Process.egid == 0
-      # File::utimes()
+
+      # Restore the timestamp on a file. This will either have come from the
+      # original source file that was copied into the archive, or from the
+      # creation date of the archive if there was no original source file.
+      ::FileUtils.touch(dest_path, mtime: time) if @restore_times
     end
 
     def set_extra_attributes_on_path(dest_path) # :nodoc:
-      return unless (file? || directory?)
+      return unless file? || directory?
 
       case @fstype
       when ::Zip::FSTYPE_UNIX
-        set_unix_permissions_on_path(dest_path)
+        set_unix_attributes_on_path(dest_path)
       end
     end
 
@@ -414,21 +450,21 @@ module Zip
         @header_signature,
         @version, # version of encoding software
         @fstype, # filesystem type
-        @version_needed_to_extract, # @versionNeededToExtract           ,
-        @gp_flags, # @gp_flags                          ,
+        @version_needed_to_extract, # @versionNeededToExtract
+        @gp_flags, # @gp_flags
         @compression_method,
-        @time.to_binary_dos_time, # @last_mod_time                      ,
-        @time.to_binary_dos_date, # @last_mod_date                      ,
+        @time.to_binary_dos_time, # @last_mod_time
+        @time.to_binary_dos_date, # @last_mod_date
         @crc,
-        (zip64 && zip64.compressed_size) ? 0xFFFFFFFF : @compressed_size,
-        (zip64 && zip64.original_size) ? 0xFFFFFFFF : @size,
+        zip64 && zip64.compressed_size ? 0xFFFFFFFF : @compressed_size,
+        zip64 && zip64.original_size ? 0xFFFFFFFF : @size,
         name_size,
         @extra ? @extra.c_dir_size : 0,
         comment_size,
-        (zip64 && zip64.disk_start_number) ? 0xFFFF : 0, # disk number start
+        zip64 && zip64.disk_start_number ? 0xFFFF : 0, # disk number start
         @internal_file_attributes, # file type (binary=0, text=1)
         @external_file_attributes, # native filesystem attributes
-        (zip64 && zip64.relative_header_offset) ? 0xFFFFFFFF : @local_header_offset,
+        zip64 && zip64.relative_header_offset ? 0xFFFFFFFF : @local_header_offset,
         @name,
         @extra,
         @comment
@@ -441,18 +477,18 @@ module Zip
       when ::Zip::FSTYPE_UNIX
         ft = case @ftype
              when :file
-               @unix_perms ||= 0644
+               @unix_perms ||= 0o644
                ::Zip::FILE_TYPE_FILE
              when :directory
-               @unix_perms ||= 0755
+               @unix_perms ||= 0o755
                ::Zip::FILE_TYPE_DIR
              when :symlink
-               @unix_perms ||= 0755
+               @unix_perms ||= 0o755
                ::Zip::FILE_TYPE_SYMLINK
              end
 
         unless ft.nil?
-          @external_file_attributes = (ft << 12 | (@unix_perms & 07777)) << 16
+          @external_file_attributes = (ft << 12 | (@unix_perms & 0o7777)) << 16
         end
       end
 
@@ -465,15 +501,16 @@ module Zip
 
     def ==(other)
       return false unless other.class == self.class
+
       # Compares contents of local entry and exposed fields
-      keys_equal = %w(compression_method crc compressed_size size name extra filepath).all? do |k|
-        other.__send__(k.to_sym) == self.__send__(k.to_sym)
+      keys_equal = %w[compression_method crc compressed_size size name extra filepath].all? do |k|
+        other.__send__(k.to_sym) == __send__(k.to_sym)
       end
-      keys_equal && self.time.dos_equals(other.time)
+      keys_equal && time.dos_equals(other.time)
     end
 
-    def <=> (other)
-      self.to_s <=> other.to_s
+    def <=>(other)
+      to_s <=> other.to_s
     end
 
     # Returns an IO like object for the given ZipEntry.
@@ -496,6 +533,7 @@ module Zip
         end
       else
         zis = ::Zip::InputStream.new(@zipfile, local_header_offset)
+        zis.instance_variable_set(:@complete_entry, self)
         zis.get_next_entry
         if block_given?
           begin
@@ -515,8 +553,8 @@ module Zip
                when 'file'
                  if name_is_directory?
                    raise ArgumentError,
-                         "entry name '#{newEntry}' indicates directory entry, but "+
-                           "'#{src_path}' is not a directory"
+                         "entry name '#{newEntry}' indicates directory entry, but " \
+                             "'#{src_path}' is not a directory"
                  end
                  :file
                when 'directory'
@@ -525,12 +563,12 @@ module Zip
                when 'link'
                  if name_is_directory?
                    raise ArgumentError,
-                         "entry name '#{newEntry}' indicates directory entry, but "+
-                           "'#{src_path}' is not a directory"
+                         "entry name '#{newEntry}' indicates directory entry, but " \
+                             "'#{src_path}' is not a directory"
                  end
                  :symlink
                else
-                 raise RuntimeError, "unknown file type: #{src_path.inspect} #{stat.inspect}"
+                 raise "unknown file type: #{src_path.inspect} #{stat.inspect}"
                end
 
       @filepath = src_path
@@ -541,7 +579,7 @@ module Zip
       if @ftype == :directory
         zip_output_stream.put_next_entry(self, nil, nil, ::Zip::Entry::STORED)
       elsif @filepath
-        zip_output_stream.put_next_entry(self, nil, nil, self.compression_method || ::Zip::Entry::DEFLATED)
+        zip_output_stream.put_next_entry(self, nil, nil, compression_method || ::Zip::Entry::DEFLATED)
         get_input_stream { |is| ::Zip::IOExtras.copy_stream(zip_output_stream, is) }
       else
         zip_output_stream.copy_raw_entry(self)
@@ -551,14 +589,14 @@ module Zip
     def parent_as_string
       entry_name  = name.chomp('/')
       slash_index = entry_name.rindex('/')
-      slash_index ? entry_name.slice(0, slash_index+1) : nil
+      slash_index ? entry_name.slice(0, slash_index + 1) : nil
     end
 
     def get_raw_input_stream(&block)
-      if @zipfile.is_a?(::IO) || @zipfile.is_a?(::StringIO)
+      if @zipfile.respond_to?(:seek) && @zipfile.respond_to?(:read)
         yield @zipfile
       else
-        ::File.open(@zipfile, "rb", &block)
+        ::File.open(@zipfile, 'rb', &block)
       end
     end
 
@@ -571,35 +609,46 @@ module Zip
     def set_time(binary_dos_date, binary_dos_time)
       @time = ::Zip::DOSTime.parse_binary_dos_format(binary_dos_date, binary_dos_time)
     rescue ArgumentError
-      puts "Invalid date/time in zip entry" if ::Zip.warn_invalid_date
+      warn 'WARNING: invalid date/time in zip entry.' if ::Zip.warn_invalid_date
     end
 
-    def create_file(dest_path, continue_on_exists_proc = proc { Zip.continue_on_exists_proc })
+    def create_file(dest_path, _continue_on_exists_proc = proc { Zip.continue_on_exists_proc })
       if ::File.exist?(dest_path) && !yield(self, dest_path)
         raise ::Zip::DestinationFileExistsError,
               "Destination '#{dest_path}' already exists"
       end
-      ::File.open(dest_path, "wb") do |os|
+      ::File.open(dest_path, 'wb') do |os|
         get_input_stream do |is|
-          set_extra_attributes_on_path(dest_path)
-
-          buf = ''
-          while buf = is.sysread(::Zip::Decompressor::CHUNK_SIZE, buf)
+          bytes_written = 0
+          warned = false
+          buf = +''
+          while (buf = is.sysread(::Zip::Decompressor::CHUNK_SIZE, buf))
             os << buf
+            bytes_written += buf.bytesize
+            next unless bytes_written > size && !warned
+
+            message = "entry '#{name}' should be #{size}B, but is larger when inflated."
+            raise ::Zip::EntrySizeError, message if ::Zip.validate_entry_sizes
+
+            warn "WARNING: #{message}"
+            warned = true
           end
         end
       end
+
+      set_extra_attributes_on_path(dest_path)
     end
 
     def create_directory(dest_path)
       return if ::File.directory?(dest_path)
+
       if ::File.exist?(dest_path)
         if block_given? && yield(self, dest_path)
-          ::FileUtils::rm_f dest_path
+          ::FileUtils.rm_f dest_path
         else
           raise ::Zip::DestinationFileExistsError,
-                "Cannot create directory '#{dest_path}'. "+
-                  "A file already exists with that name"
+                "Cannot create directory '#{dest_path}'. " \
+                    'A file already exists with that name'
         end
       end
       ::FileUtils.mkdir_p(dest_path)
@@ -608,43 +657,20 @@ module Zip
 
     # BUG: create_symlink() does not use &block
     def create_symlink(dest_path)
-      stat = nil
-      begin
-        stat = ::File.lstat(dest_path)
-      rescue Errno::ENOENT
-      end
-
-      io     = get_input_stream
-      linkto = io.read
-
-      if stat
-        if stat.symlink?
-          if ::File.readlink(dest_path) == linkto
-            return
-          else
-            raise ::Zip::DestinationFileExistsError,
-                  "Cannot create symlink '#{dest_path}'. "+
-                    "A symlink already exists with that name"
-          end
-        else
-          raise ::Zip::DestinationFileExistsError,
-                "Cannot create symlink '#{dest_path}'. "+
-                  "A file already exists with that name"
-        end
-      end
-
-      ::File.symlink(linkto, dest_path)
+      # TODO: Symlinks pose security challenges. Symlink support temporarily
+      # removed in view of https://github.com/rubyzip/rubyzip/issues/369 .
+      warn "WARNING: skipped symlink '#{dest_path}'."
     end
 
     # apply missing data from the zip64 extra information field, if present
     # (required when file sizes exceed 2**32, but can be used for all files)
     def parse_zip64_extra(for_local_header) #:nodoc:all
-      if zip64 = @extra['Zip64']
-        if for_local_header
-          @size, @compressed_size = zip64.parse(@size, @compressed_size)
-        else
-          @size, @compressed_size, @local_header_offset = zip64.parse(@size, @compressed_size, @local_header_offset)
-        end
+      return if @extra['Zip64'].nil?
+
+      if for_local_header
+        @size, @compressed_size = @extra['Zip64'].parse(@size, @compressed_size)
+      else
+        @size, @compressed_size, @local_header_offset = @extra['Zip64'].parse(@size, @compressed_size, @local_header_offset)
       end
     end
 
@@ -655,11 +681,9 @@ module Zip
     # create a zip64 extra information field if we need one
     def prep_zip64_extra(for_local_header) #:nodoc:all
       return unless ::Zip.write_zip64_support
-      need_zip64 = @size >= 0xFFFFFFFF || @compressed_size >= 0xFFFFFFFF
-      unless for_local_header
-        need_zip64 ||= @local_header_offset >= 0xFFFFFFFF
-      end
 
+      need_zip64 = @size >= 0xFFFFFFFF || @compressed_size >= 0xFFFFFFFF
+      need_zip64 ||= @local_header_offset >= 0xFFFFFFFF unless for_local_header
       if need_zip64
         @version_needed_to_extract = VERSION_NEEDED_TO_EXTRACT_ZIP64
         @extra.delete('Zip64Placeholder')
@@ -687,7 +711,6 @@ module Zip
         end
       end
     end
-
   end
 end