rubyzip 1.2.1 → 1.2.2

data/lib/zip/file.rb

@@ -69,16 +69,15 @@ module Zip
       @name    = file_name
       @comment = ''
       @create  = create ? true : false # allow any truthy value to mean true
-      case
-      when !buffer && ::File.size?(file_name)
+      if !buffer && ::File.size?(file_name)
         @create = false
         @file_permissions = ::File.stat(file_name).mode
         ::File.open(name, 'rb') do |f|
           read_from_stream(f)
         end
-      when @create
+      elsif @create
         @entry_set = EntrySet.new
-      when ::File.zero?(file_name)
+      elsif ::File.zero?(file_name)
         raise Error, "File #{file_name} has zero size. Did you mean to pass the create flag?"
       else
         raise Error, "File #{file_name} not found"
@@ -151,10 +150,9 @@ module Zip
       end
 
       def get_segment_size_for_split(segment_size)
-        case
-        when MIN_SEGMENT_SIZE > segment_size
+        if MIN_SEGMENT_SIZE > segment_size
           MIN_SEGMENT_SIZE
-        when MAX_SEGMENT_SIZE < segment_size
+        elsif MAX_SEGMENT_SIZE < segment_size
           MAX_SEGMENT_SIZE
         else
           segment_size
@@ -162,8 +160,10 @@ module Zip
       end
 
       def get_partial_zip_file_name(zip_file_name, partial_zip_file_name)
-        partial_zip_file_name = zip_file_name.sub(/#{::File.basename(zip_file_name)}\z/,
-                                                  partial_zip_file_name + ::File.extname(zip_file_name)) unless partial_zip_file_name.nil?
+        unless partial_zip_file_name.nil?
+          partial_zip_file_name = zip_file_name.sub(/#{::File.basename(zip_file_name)}\z/,
+                                                    partial_zip_file_name + ::File.extname(zip_file_name))
+        end
         partial_zip_file_name ||= zip_file_name
         partial_zip_file_name
       end
@@ -237,7 +237,7 @@ module Zip
     # specified. If a block is passed the stream object is passed to the block and
     # the stream is automatically closed afterwards just as with ruby's builtin
     # File.open method.
-    def get_output_stream(entry, permission_int = nil, comment = nil, extra = nil, compressed_size = nil, crc = nil, compression_method = nil, size = nil, time = nil,  &aProc)
+    def get_output_stream(entry, permission_int = nil, comment = nil, extra = nil, compressed_size = nil, crc = nil, compression_method = nil, size = nil, time = nil, &aProc)
       new_entry =
         if entry.kind_of?(Entry)
           entry
@@ -306,7 +306,7 @@ module Zip
     # Commits changes that has been made since the previous commit to
     # the zip archive.
     def commit
-      return unless commit_required?
+      return if name.is_a?(StringIO) || !commit_required?
       on_success_replace do |tmp_file|
         ::Zip::OutputStream.open(tmp_file) do |zos|
           @entry_set.each do |e|
@@ -366,7 +366,7 @@ module Zip
     end
 
     # Creates a directory
-    def mkdir(entryName, permissionInt = 0755)
+    def mkdir(entryName, permissionInt = 0o755)
       raise Errno::EEXIST, "File exists - #{entryName}" if find_entry(entryName)
       entryName = entryName.dup.to_s
       entryName << '/' unless entryName.end_with?('/')

data/lib/zip/filesystem.rb

@@ -142,9 +142,9 @@ module Zip
 
         def ftype
           if file?
-            return 'file'
+            'file'
           elsif directory?
-            return 'directory'
+            'directory'
           else
             raise StandardError, 'Unknown file type'
           end
@@ -198,30 +198,30 @@ module Zip
       alias grpowned? exists?
 
       def readable?(fileName)
-        unix_mode_cmp(fileName, 0444)
+        unix_mode_cmp(fileName, 0o444)
       end
       alias readable_real? readable?
 
       def writable?(fileName)
-        unix_mode_cmp(fileName, 0222)
+        unix_mode_cmp(fileName, 0o222)
       end
       alias writable_real? writable?
 
       def executable?(fileName)
-        unix_mode_cmp(fileName, 0111)
+        unix_mode_cmp(fileName, 0o111)
       end
       alias executable_real? executable?
 
       def setuid?(fileName)
-        unix_mode_cmp(fileName, 04000)
+        unix_mode_cmp(fileName, 0o4000)
       end
 
       def setgid?(fileName)
-        unix_mode_cmp(fileName, 02000)
+        unix_mode_cmp(fileName, 0o2000)
       end
 
       def sticky?(fileName)
-        unix_mode_cmp(fileName, 01000)
+        unix_mode_cmp(fileName, 0o1000)
       end
 
       def umask(*args)
@@ -237,8 +237,8 @@ module Zip
         expand_path(fileName) == '/' || (!entry.nil? && entry.directory?)
       end
 
-      def open(fileName, openMode = 'r', permissionInt = 0644, &block)
-        openMode.gsub!('b', '') # ignore b option
+      def open(fileName, openMode = 'r', permissionInt = 0o644, &block)
+        openMode.delete!('b') # ignore b option
         case openMode
         when 'r'
           @mappedZip.get_input_stream(fileName, &block)
@@ -260,7 +260,7 @@ module Zip
       # Returns nil for not found and nil for directories
       def size?(fileName)
         entry = @mappedZip.find_entry(fileName)
-        (entry.nil? || entry.directory?) ? nil : entry.size
+        entry.nil? || entry.directory? ? nil : entry.size
       end
 
       def chown(ownerInt, groupInt, *filenames)
@@ -498,7 +498,7 @@ module Zip
       alias rmdir delete
       alias unlink delete
 
-      def mkdir(entryName, permissionInt = 0755)
+      def mkdir(entryName, permissionInt = 0o755)
         @mappedZip.mkdir(entryName, permissionInt)
       end
 
@@ -573,6 +573,10 @@ module Zip
         @zipFile.get_output_stream(expand_to_entry(fileName), permissionInt, &aProc)
       end
 
+      def glob(pattern, *flags, &block)
+        @zipFile.glob(expand_to_entry(pattern), *flags, &block)
+      end
+
       def read(fileName)
         @zipFile.read(expand_to_entry(fileName))
       end
@@ -586,7 +590,7 @@ module Zip
                         &continueOnExistsProc)
       end
 
-      def mkdir(fileName, permissionInt = 0755)
+      def mkdir(fileName, permissionInt = 0o755)
         @zipFile.mkdir(expand_to_entry(fileName), permissionInt)
       end
 

data/lib/zip/inflater.rb

@@ -5,7 +5,7 @@ module Zip
       @zlib_inflater           = ::Zlib::Inflate.new(-Zlib::MAX_WBITS)
       @output_buffer           = ''
       @has_returned_empty_string = false
-      @decrypter               = decrypter
+      @decrypter = decrypter
     end
 
     def sysread(number_of_bytes = nil, buf = '')

data/lib/zip/input_stream.rb

@@ -129,23 +129,26 @@ module Zip
       end
       if @current_entry && @current_entry.gp_flags & 8 == 8 && @current_entry.crc == 0 \
         && @current_entry.compressed_size == 0 \
-        && @current_entry.size == 0 && !@internal
+        && @current_entry.size == 0 && !@complete_entry
         raise GPFBit3Error,
               'General purpose flag Bit 3 is set so not possible to get proper info from local header.' \
               'Please use ::Zip::File instead of ::Zip::InputStream'
       end
-      @decompressor  = get_decompressor
+      @decompressor = get_decompressor
       flush
       @current_entry
     end
 
     def get_decompressor
-      case
-      when @current_entry.nil?
+      if @current_entry.nil?
         ::Zip::NullDecompressor
-      when @current_entry.compression_method == ::Zip::Entry::STORED
-        ::Zip::PassThruDecompressor.new(@archive_io, @current_entry.size)
-      when @current_entry.compression_method == ::Zip::Entry::DEFLATED
+      elsif @current_entry.compression_method == ::Zip::Entry::STORED
+        if @current_entry.gp_flags & 8 == 8 && @current_entry.crc == 0 && @current_entry.size == 0 && @complete_entry
+          ::Zip::PassThruDecompressor.new(@archive_io, @complete_entry.size)
+        else
+          ::Zip::PassThruDecompressor.new(@archive_io, @current_entry.size)
+        end
+      elsif @current_entry.compression_method == ::Zip::Entry::DEFLATED
         header = @archive_io.read(@decrypter.header_bytesize)
         @decrypter.reset!(header)
         ::Zip::Inflater.new(@archive_io, @decrypter)

data/lib/zip/ioextras/abstract_input_stream.rb

@@ -33,7 +33,7 @@ module Zip
                  sysread(number_of_bytes, buf)
                end
 
-        if tbuf.nil? || tbuf.length == 0
+        if tbuf.nil? || tbuf.empty?
           return nil if number_of_bytes
           return ''
         end

data/lib/zip/ioextras/abstract_output_stream.rb

@@ -15,7 +15,7 @@ module Zip
       end
 
       def printf(a_format_string, *params)
-        self << sprintf(a_format_string, *params)
+        self << format(a_format_string, *params)
       end
 
       def putc(an_object)

data/lib/zip/output_stream.rb

@@ -87,11 +87,11 @@ module Zip
     # +entry+ can be a ZipEntry object or a string.
     def put_next_entry(entry_name, comment = nil, extra = nil, compression_method = Entry::DEFLATED, level = Zip.default_compression)
       raise Error, 'zip stream is closed' if @closed
-      if entry_name.kind_of?(Entry)
-        new_entry = entry_name
-      else
-        new_entry = Entry.new(@file_name, entry_name.to_s)
-      end
+      new_entry = if entry_name.kind_of?(Entry)
+                    entry_name
+                  else
+                    Entry.new(@file_name, entry_name.to_s)
+                  end
       new_entry.comment = comment unless comment.nil?
       unless extra.nil?
         new_entry.extra = extra.is_a?(ExtraField) ? extra : ExtraField.new(extra.to_s)

data/lib/zip/pass_thru_decompressor.rb

@@ -1,5 +1,5 @@
 module Zip
-  class PassThruDecompressor < Decompressor  #:nodoc:all
+  class PassThruDecompressor < Decompressor #:nodoc:all
     def initialize(input_stream, chars_to_read)
       super(input_stream)
       @chars_to_read = chars_to_read

data/lib/zip/streamable_stream.rb

@@ -5,7 +5,7 @@ module Zip
       dirname = if zipfile.is_a?(::String)
                   ::File.dirname(zipfile)
                 else
-                  '.'
+                  nil
                 end
       @temp_file = Tempfile.new(::File.basename(name), dirname)
       @temp_file.binmode

data/lib/zip/version.rb

@@ -1,3 +1,3 @@
 module Zip
-  VERSION = '1.2.1'
+  VERSION = '1.2.2'
 end

data/samples/example_recursive.rb

@@ -19,37 +19,36 @@ class ZipFileGenerator
 
   # Zip the input directory.
   def write
-    entries = Dir.entries(@input_dir) - %w(. ..)
+    entries = Dir.entries(@input_dir) - %w[. ..]
 
-    ::Zip::File.open(@output_file, ::Zip::File::CREATE) do |io|
-      write_entries entries, '', io
+    ::Zip::File.open(@output_file, ::Zip::File::CREATE) do |zipfile|
+      write_entries entries, '', zipfile
     end
   end
 
   private
 
   # A helper method to make the recursion work.
-  def write_entries(entries, path, io)
+  def write_entries(entries, path, zipfile)
     entries.each do |e|
-      zip_file_path = path == '' ? e : File.join(path, e)
-      disk_file_path = File.join(@input_dir, zip_file_path)
-      puts "Deflating #{disk_file_path}"
+      zipfile_path = path == '' ? e : File.join(path, e)
+      disk_file_path = File.join(@input_dir, zipfile_path)
 
       if File.directory? disk_file_path
-        recursively_deflate_directory(disk_file_path, io, zip_file_path)
+        recursively_deflate_directory(disk_file_path, zipfile, zipfile_path)
       else
-        put_into_archive(disk_file_path, io, zip_file_path)
+        put_into_archive(disk_file_path, zipfile, zipfile_path)
       end
     end
   end
 
-  def recursively_deflate_directory(disk_file_path, io, zip_file_path)
-    io.mkdir zip_file_path
-    subdir = Dir.entries(disk_file_path) - %w(. ..)
-    write_entries subdir, zip_file_path, io
+  def recursively_deflate_directory(disk_file_path, zipfile, zipfile_path)
+    zipfile.mkdir zipfile_path
+    subdir = Dir.entries(disk_file_path) - %w[. ..]
+    write_entries subdir, zipfile_path, zipfile
   end
 
-  def put_into_archive(disk_file_path, io, zip_file_path)
-    io.add(zip_file_path, disk_file_path)
+  def put_into_archive(disk_file_path, zipfile, zipfile_path)
+    zipfile.add(zipfile_path, disk_file_path)
   end
 end

data/samples/gtk_ruby_zip.rb

@@ -31,7 +31,7 @@ class MainApp < Gtk::Window
     sw.set_policy(Gtk::POLICY_AUTOMATIC, Gtk::POLICY_AUTOMATIC)
     box.pack_start(sw, true, true, 0)
 
-    @clist = Gtk::CList.new(%w(Name Size Compression))
+    @clist = Gtk::CList.new(%w[Name Size Compression])
     @clist.set_selection_mode(Gtk::SELECTION_BROWSE)
     @clist.set_column_width(0, 120)
     @clist.set_column_width(1, 120)

data/samples/qtzip.rb

@@ -65,7 +65,7 @@ class ZipDialog < ZipDialogUI
     end
     puts "selected_items.size = #{selected_items.size}"
     puts "unselected_items.size = #{unselected_items.size}"
-    items = selected_items.size > 0 ? selected_items : unselected_items
+    items = !selected_items.empty? ? selected_items : unselected_items
     puts "items.size = #{items.size}"
 
     d = Qt::FileDialog.get_existing_directory(nil, self)

data/samples/zipfind.rb

@@ -31,7 +31,7 @@ module Zip
   end
 end
 
-if __FILE__ == $0
+if $0 == __FILE__
   module ZipFindConsoleRunner
     PATH_ARG_INDEX = 0
     FILENAME_PATTERN_ARG_INDEX = 1
@@ -47,7 +47,7 @@ if __FILE__ == $0
     end
 
     def self.check_args(args)
-      if (args.size != 3)
+      if args.size != 3
         usage
         exit
       end

data/test/central_directory_entry_test.rb

@@ -2,7 +2,7 @@ require 'test_helper'
 
 class ZipCentralDirectoryEntryTest < MiniTest::Test
   def test_read_from_stream
-    File.open('test/data/testDirectory.bin', 'rb') do  |file|
+    File.open('test/data/testDirectory.bin', 'rb') do |file|
       entry = ::Zip::Entry.read_c_dir_entry(file)
 
       assert_equal('longAscii.txt', entry.name)

data/test/data/path_traversal/Makefile

@@ -0,0 +1,10 @@
+# Based on 'relative2' in https://github.com/jwilk/path-traversal-samples,
+# but create the local `tmp` folder before adding the symlink. Otherwise
+# we may bail out before we get to trying to create the file.
+all: relative1.zip
+relative1.zip:
+	rm -f $(@)
+	mkdir -p -m 755 tmp/tmp
+	umask 022 && echo moo > moo
+	cd tmp && zip -X ../$(@) tmp tmp/../../moo
+	rm -rf tmp moo

data/test/data/path_traversal/jwilk/README.md

@@ -0,0 +1,5 @@
+# Path Traversal Samples
+
+Copied from https://github.com/jwilk/path-traversal-samples on 2018-08-26.
+
+License: MIT

data/test/data/path_traversal/tuzovakaoff/README.md

@@ -0,0 +1,3 @@
+# Path Traversal Samples
+
+Copied from https://github.com/tuzovakaoff/zip_path_traversal on 2018-08-25.

data/test/errors_test.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+
 require 'test_helper'
 
 class ErrorsTest < MiniTest::Test

data/test/file_permissions_test.rb

@@ -1,9 +1,8 @@
 require 'test_helper'
 
 class FilePermissionsTest < MiniTest::Test
-
-  ZIPNAME = File.join(File.dirname(__FILE__), "umask.zip")
-  FILENAME = File.join(File.dirname(__FILE__), "umask.txt")
+  ZIPNAME = File.join(File.dirname(__FILE__), 'umask.zip')
+  FILENAME = File.join(File.dirname(__FILE__), 'umask.txt')
 
   def teardown
     ::File.unlink(ZIPNAME)
@@ -16,7 +15,7 @@ class FilePermissionsTest < MiniTest::Test
   end
 
   def test_umask_000
-    set_umask(0000) do
+    set_umask(0o000) do
       create_files
     end
 
@@ -24,7 +23,7 @@ class FilePermissionsTest < MiniTest::Test
   end
 
   def test_umask_066
-    set_umask(0066) do
+    set_umask(0o066) do
       create_files
     end
 
@@ -32,7 +31,7 @@ class FilePermissionsTest < MiniTest::Test
   end
 
   def test_umask_027
-    set_umask(0027) do
+    set_umask(0o027) do
       create_files
     end
 
@@ -48,7 +47,7 @@ class FilePermissionsTest < MiniTest::Test
 
   def create_files
     ::Zip::File.open(ZIPNAME, ::Zip::File::CREATE) do |zip|
-      zip.comment = "test"
+      zip.comment = 'test'
     end
 
     ::File.open(FILENAME, 'w') do |file|
@@ -57,13 +56,10 @@ class FilePermissionsTest < MiniTest::Test
   end
 
   # If anything goes wrong, make sure the umask is restored.
-  def set_umask(umask, &block)
-    begin
-      saved_umask = ::File.umask(umask)
-      yield
-    ensure
-      ::File.umask(saved_umask)
-    end
+  def set_umask(umask)
+    saved_umask = ::File.umask(umask)
+    yield
+  ensure
+    ::File.umask(saved_umask)
   end
-
 end