RubyGems - rubyzip - Versions diffs - 1.2.1 → 1.2.2 - Mend

rubyzip 1.2.1 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rubyzip might be problematic. Click here for more details.

Files changed (61) hide show

checksums.yaml +4 -4
data/README.md +24 -17
data/lib/zip.rb +9 -1
data/lib/zip/central_directory.rb +3 -3
data/lib/zip/compressor.rb +1 -2
data/lib/zip/constants.rb +3 -3
data/lib/zip/crypto/null_encryption.rb +2 -4
data/lib/zip/decompressor.rb +1 -1
data/lib/zip/dos_time.rb +1 -1
data/lib/zip/entry.rb +46 -49
data/lib/zip/entry_set.rb +3 -3
data/lib/zip/extra_field.rb +1 -1
data/lib/zip/extra_field/generic.rb +1 -1
data/lib/zip/extra_field/zip64_placeholder.rb +1 -2
data/lib/zip/file.rb +12 -12
data/lib/zip/filesystem.rb +17 -13
data/lib/zip/inflater.rb +1 -1
data/lib/zip/input_stream.rb +10 -7
data/lib/zip/ioextras/abstract_input_stream.rb +1 -1
data/lib/zip/ioextras/abstract_output_stream.rb +1 -1
data/lib/zip/output_stream.rb +5 -5
data/lib/zip/pass_thru_decompressor.rb +1 -1
data/lib/zip/streamable_stream.rb +1 -1
data/lib/zip/version.rb +1 -1
data/samples/example_recursive.rb +14 -15
data/samples/gtk_ruby_zip.rb +1 -1
data/samples/qtzip.rb +1 -1
data/samples/zipfind.rb +2 -2
data/test/central_directory_entry_test.rb +1 -1
data/test/data/gpbit3stored.zip +0 -0
data/test/data/path_traversal/Makefile +10 -0
data/test/data/path_traversal/jwilk/README.md +5 -0
data/test/data/path_traversal/jwilk/absolute1.zip +0 -0
data/test/data/path_traversal/jwilk/absolute2.zip +0 -0
data/test/data/path_traversal/jwilk/dirsymlink.zip +0 -0
data/test/data/path_traversal/jwilk/dirsymlink2a.zip +0 -0
data/test/data/path_traversal/jwilk/dirsymlink2b.zip +0 -0
data/test/data/path_traversal/jwilk/relative0.zip +0 -0
data/test/data/path_traversal/jwilk/relative2.zip +0 -0
data/test/data/path_traversal/jwilk/symlink.zip +0 -0
data/test/data/path_traversal/relative1.zip +0 -0
data/test/data/path_traversal/tuzovakaoff/README.md +3 -0
data/test/data/path_traversal/tuzovakaoff/absolutepath.zip +0 -0
data/test/data/path_traversal/tuzovakaoff/symlink.zip +0 -0
data/test/data/rubycode.zip +0 -0
data/test/errors_test.rb +1 -0
data/test/file_permissions_test.rb +11 -15
data/test/file_test.rb +27 -9
data/test/filesystem/dir_iterator_test.rb +1 -1
data/test/filesystem/directory_test.rb +29 -11
data/test/filesystem/file_mutating_test.rb +3 -4
data/test/filesystem/file_nonmutating_test.rb +31 -31
data/test/filesystem/file_stat_test.rb +4 -4
data/test/gentestfiles.rb +13 -13
data/test/input_stream_test.rb +6 -6
data/test/ioextras/abstract_output_stream_test.rb +2 -2
data/test/path_traversal_test.rb +134 -0
data/test/test_helper.rb +2 -2
data/test/unicode_file_names_and_comments_test.rb +12 -0
data/test/zip64_full_test.rb +2 -2
metadata +95 -49

data/lib/zip/file.rb CHANGED

@@ -69,16 +69,15 @@ module Zip
       @name    = file_name
       @comment = ''
       @create  = create ? true : false # allow any truthy value to mean true
-      case
-      when !buffer && ::File.size?(file_name)
+      if !buffer && ::File.size?(file_name)
         @create = false
         @file_permissions = ::File.stat(file_name).mode
         ::File.open(name, 'rb') do |f|
           read_from_stream(f)
         end
-      when @create
+      elsif @create
         @entry_set = EntrySet.new
-      when ::File.zero?(file_name)
+      elsif ::File.zero?(file_name)
         raise Error, "File #{file_name} has zero size. Did you mean to pass the create flag?"
       else
         raise Error, "File #{file_name} not found"
@@ -151,10 +150,9 @@ module Zip
       end
       def get_segment_size_for_split(segment_size)
-        case
-        when MIN_SEGMENT_SIZE > segment_size
+        if MIN_SEGMENT_SIZE > segment_size
           MIN_SEGMENT_SIZE
-        when MAX_SEGMENT_SIZE < segment_size
+        elsif MAX_SEGMENT_SIZE < segment_size
           MAX_SEGMENT_SIZE
         else
           segment_size
@@ -162,8 +160,10 @@ module Zip
       end
       def get_partial_zip_file_name(zip_file_name, partial_zip_file_name)
-        partial_zip_file_name = zip_file_name.sub(/#{::File.basename(zip_file_name)}\z/,
-                                                  partial_zip_file_name + ::File.extname(zip_file_name)) unless partial_zip_file_name.nil?
+        unless partial_zip_file_name.nil?
+          partial_zip_file_name = zip_file_name.sub(/#{::File.basename(zip_file_name)}\z/,
+                                                    partial_zip_file_name + ::File.extname(zip_file_name))
+        end
         partial_zip_file_name ||= zip_file_name
         partial_zip_file_name
       end
@@ -237,7 +237,7 @@ module Zip
     # specified. If a block is passed the stream object is passed to the block and
     # the stream is automatically closed afterwards just as with ruby's builtin
     # File.open method.
-    def get_output_stream(entry, permission_int = nil, comment = nil, extra = nil, compressed_size = nil, crc = nil, compression_method = nil, size = nil, time = nil,  &aProc)
+    def get_output_stream(entry, permission_int = nil, comment = nil, extra = nil, compressed_size = nil, crc = nil, compression_method = nil, size = nil, time = nil, &aProc)
       new_entry =
         if entry.kind_of?(Entry)
           entry
@@ -306,7 +306,7 @@ module Zip
     # Commits changes that has been made since the previous commit to
     # the zip archive.
     def commit
-      return unless commit_required?
+      return if name.is_a?(StringIO) || !commit_required?
       on_success_replace do |tmp_file|
         ::Zip::OutputStream.open(tmp_file) do |zos|
           @entry_set.each do |e|
@@ -366,7 +366,7 @@ module Zip
     end
     # Creates a directory
-    def mkdir(entryName, permissionInt = 0755)
+    def mkdir(entryName, permissionInt = 0o755)
       raise Errno::EEXIST, "File exists - #{entryName}" if find_entry(entryName)
       entryName = entryName.dup.to_s
       entryName << '/' unless entryName.end_with?('/')

data/lib/zip/filesystem.rb CHANGED

@@ -142,9 +142,9 @@ module Zip
         def ftype
           if file?
-            return 'file'
+            'file'
           elsif directory?
-            return 'directory'
+            'directory'
           else
             raise StandardError, 'Unknown file type'
           end
@@ -198,30 +198,30 @@ module Zip
       alias grpowned? exists?
       def readable?(fileName)
-        unix_mode_cmp(fileName, 0444)
+        unix_mode_cmp(fileName, 0o444)
       end
       alias readable_real? readable?
       def writable?(fileName)
-        unix_mode_cmp(fileName, 0222)
+        unix_mode_cmp(fileName, 0o222)
       end
       alias writable_real? writable?
       def executable?(fileName)
-        unix_mode_cmp(fileName, 0111)
+        unix_mode_cmp(fileName, 0o111)
       end
       alias executable_real? executable?
       def setuid?(fileName)
-        unix_mode_cmp(fileName, 04000)
+        unix_mode_cmp(fileName, 0o4000)
       end
       def setgid?(fileName)
-        unix_mode_cmp(fileName, 02000)
+        unix_mode_cmp(fileName, 0o2000)
       end
       def sticky?(fileName)
-        unix_mode_cmp(fileName, 01000)
+        unix_mode_cmp(fileName, 0o1000)
       end
       def umask(*args)
@@ -237,8 +237,8 @@ module Zip
         expand_path(fileName) == '/' || (!entry.nil? && entry.directory?)
       end
-      def open(fileName, openMode = 'r', permissionInt = 0644, &block)
-        openMode.gsub!('b', '') # ignore b option
+      def open(fileName, openMode = 'r', permissionInt = 0o644, &block)
+        openMode.delete!('b') # ignore b option
         case openMode
         when 'r'
           @mappedZip.get_input_stream(fileName, &block)
@@ -260,7 +260,7 @@ module Zip
       # Returns nil for not found and nil for directories
       def size?(fileName)
         entry = @mappedZip.find_entry(fileName)
-        (entry.nil? || entry.directory?) ? nil : entry.size
+        entry.nil? || entry.directory? ? nil : entry.size
       end
       def chown(ownerInt, groupInt, *filenames)
@@ -498,7 +498,7 @@ module Zip
       alias rmdir delete
       alias unlink delete
-      def mkdir(entryName, permissionInt = 0755)
+      def mkdir(entryName, permissionInt = 0o755)
         @mappedZip.mkdir(entryName, permissionInt)
       end
@@ -573,6 +573,10 @@ module Zip
         @zipFile.get_output_stream(expand_to_entry(fileName), permissionInt, &aProc)
       end
+      def glob(pattern, *flags, &block)
+        @zipFile.glob(expand_to_entry(pattern), *flags, &block)
+      end
       def read(fileName)
         @zipFile.read(expand_to_entry(fileName))
       end
@@ -586,7 +590,7 @@ module Zip
                         &continueOnExistsProc)
       end
-      def mkdir(fileName, permissionInt = 0755)
+      def mkdir(fileName, permissionInt = 0o755)
         @zipFile.mkdir(expand_to_entry(fileName), permissionInt)
       end

data/lib/zip/inflater.rb CHANGED

@@ -5,7 +5,7 @@ module Zip
       @zlib_inflater           = ::Zlib::Inflate.new(-Zlib::MAX_WBITS)
       @output_buffer           = ''
       @has_returned_empty_string = false
-      @decrypter               = decrypter
+      @decrypter = decrypter
     end
     def sysread(number_of_bytes = nil, buf = '')

data/lib/zip/input_stream.rb CHANGED

@@ -129,23 +129,26 @@ module Zip
       end
       if @current_entry && @current_entry.gp_flags & 8 == 8 && @current_entry.crc == 0 \
         && @current_entry.compressed_size == 0 \
-        && @current_entry.size == 0 && !@internal
+        && @current_entry.size == 0 && !@complete_entry
         raise GPFBit3Error,
               'General purpose flag Bit 3 is set so not possible to get proper info from local header.' \
               'Please use ::Zip::File instead of ::Zip::InputStream'
       end
-      @decompressor  = get_decompressor
+      @decompressor = get_decompressor
       flush
       @current_entry
     end
     def get_decompressor
-      case
-      when @current_entry.nil?
+      if @current_entry.nil?
         ::Zip::NullDecompressor
-      when @current_entry.compression_method == ::Zip::Entry::STORED
-        ::Zip::PassThruDecompressor.new(@archive_io, @current_entry.size)
-      when @current_entry.compression_method == ::Zip::Entry::DEFLATED
+      elsif @current_entry.compression_method == ::Zip::Entry::STORED
+        if @current_entry.gp_flags & 8 == 8 && @current_entry.crc == 0 && @current_entry.size == 0 && @complete_entry
+          ::Zip::PassThruDecompressor.new(@archive_io, @complete_entry.size)
+        else
+          ::Zip::PassThruDecompressor.new(@archive_io, @current_entry.size)
+        end
+      elsif @current_entry.compression_method == ::Zip::Entry::DEFLATED
         header = @archive_io.read(@decrypter.header_bytesize)
         @decrypter.reset!(header)
         ::Zip::Inflater.new(@archive_io, @decrypter)

data/lib/zip/ioextras/abstract_input_stream.rb CHANGED

@@ -33,7 +33,7 @@ module Zip
                  sysread(number_of_bytes, buf)
                end
-        if tbuf.nil? || tbuf.length == 0
+        if tbuf.nil? || tbuf.empty?
           return nil if number_of_bytes
           return ''
         end

data/lib/zip/ioextras/abstract_output_stream.rb CHANGED

@@ -15,7 +15,7 @@ module Zip
       end
       def printf(a_format_string, *params)
-        self << sprintf(a_format_string, *params)
+        self << format(a_format_string, *params)
       end
       def putc(an_object)

data/lib/zip/output_stream.rb CHANGED

@@ -87,11 +87,11 @@ module Zip
     # +entry+ can be a ZipEntry object or a string.
     def put_next_entry(entry_name, comment = nil, extra = nil, compression_method = Entry::DEFLATED, level = Zip.default_compression)
       raise Error, 'zip stream is closed' if @closed
-      if entry_name.kind_of?(Entry)
-        new_entry = entry_name
-      else
-        new_entry = Entry.new(@file_name, entry_name.to_s)
-      end
+      new_entry = if entry_name.kind_of?(Entry)
+                    entry_name
+                  else
+                    Entry.new(@file_name, entry_name.to_s)
+                  end
       new_entry.comment = comment unless comment.nil?
       unless extra.nil?
         new_entry.extra = extra.is_a?(ExtraField) ? extra : ExtraField.new(extra.to_s)

data/lib/zip/pass_thru_decompressor.rb CHANGED

@@ -1,5 +1,5 @@
 module Zip
-  class PassThruDecompressor < Decompressor  #:nodoc:all
+  class PassThruDecompressor < Decompressor #:nodoc:all
     def initialize(input_stream, chars_to_read)
       super(input_stream)
       @chars_to_read = chars_to_read

data/lib/zip/streamable_stream.rb CHANGED

@@ -5,7 +5,7 @@ module Zip
       dirname = if zipfile.is_a?(::String)
                   ::File.dirname(zipfile)
                 else
-                  '.'
+                  nil
                 end
       @temp_file = Tempfile.new(::File.basename(name), dirname)
       @temp_file.binmode

data/lib/zip/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Zip
-  VERSION = '1.2.1'
+  VERSION = '1.2.2'
 end

data/samples/example_recursive.rb CHANGED

@@ -19,37 +19,36 @@ class ZipFileGenerator
   # Zip the input directory.
   def write
-    entries = Dir.entries(@input_dir) - %w(. ..)
+    entries = Dir.entries(@input_dir) - %w[. ..]
-    ::Zip::File.open(@output_file, ::Zip::File::CREATE) do |io|
-      write_entries entries, '', io
+    ::Zip::File.open(@output_file, ::Zip::File::CREATE) do |zipfile|
+      write_entries entries, '', zipfile
     end
   end
   private
   # A helper method to make the recursion work.
-  def write_entries(entries, path, io)
+  def write_entries(entries, path, zipfile)
     entries.each do |e|
-      zip_file_path = path == '' ? e : File.join(path, e)
-      disk_file_path = File.join(@input_dir, zip_file_path)
-      puts "Deflating #{disk_file_path}"
+      zipfile_path = path == '' ? e : File.join(path, e)
+      disk_file_path = File.join(@input_dir, zipfile_path)
       if File.directory? disk_file_path
-        recursively_deflate_directory(disk_file_path, io, zip_file_path)
+        recursively_deflate_directory(disk_file_path, zipfile, zipfile_path)
       else
-        put_into_archive(disk_file_path, io, zip_file_path)
+        put_into_archive(disk_file_path, zipfile, zipfile_path)
       end
     end
   end
-  def recursively_deflate_directory(disk_file_path, io, zip_file_path)
-    io.mkdir zip_file_path
-    subdir = Dir.entries(disk_file_path) - %w(. ..)
-    write_entries subdir, zip_file_path, io
+  def recursively_deflate_directory(disk_file_path, zipfile, zipfile_path)
+    zipfile.mkdir zipfile_path
+    subdir = Dir.entries(disk_file_path) - %w[. ..]
+    write_entries subdir, zipfile_path, zipfile
   end
-  def put_into_archive(disk_file_path, io, zip_file_path)
-    io.add(zip_file_path, disk_file_path)
+  def put_into_archive(disk_file_path, zipfile, zipfile_path)
+    zipfile.add(zipfile_path, disk_file_path)
   end
 end

data/samples/gtk_ruby_zip.rb CHANGED

@@ -31,7 +31,7 @@ class MainApp < Gtk::Window
     sw.set_policy(Gtk::POLICY_AUTOMATIC, Gtk::POLICY_AUTOMATIC)
     box.pack_start(sw, true, true, 0)
-    @clist = Gtk::CList.new(%w(Name Size Compression))
+    @clist = Gtk::CList.new(%w[Name Size Compression])
     @clist.set_selection_mode(Gtk::SELECTION_BROWSE)
     @clist.set_column_width(0, 120)
     @clist.set_column_width(1, 120)

data/samples/qtzip.rb CHANGED

@@ -65,7 +65,7 @@ class ZipDialog < ZipDialogUI
     end
     puts "selected_items.size = #{selected_items.size}"
     puts "unselected_items.size = #{unselected_items.size}"
-    items = selected_items.size > 0 ? selected_items : unselected_items
+    items = !selected_items.empty? ? selected_items : unselected_items
     puts "items.size = #{items.size}"
     d = Qt::FileDialog.get_existing_directory(nil, self)

data/samples/zipfind.rb CHANGED

@@ -31,7 +31,7 @@ module Zip
   end
 end
-if __FILE__ == $0
+if $0 == __FILE__
   module ZipFindConsoleRunner
     PATH_ARG_INDEX = 0
     FILENAME_PATTERN_ARG_INDEX = 1
@@ -47,7 +47,7 @@ if __FILE__ == $0
     end
     def self.check_args(args)
-      if (args.size != 3)
+      if args.size != 3
         usage
         exit
       end

data/test/central_directory_entry_test.rb CHANGED

@@ -2,7 +2,7 @@ require 'test_helper'
 class ZipCentralDirectoryEntryTest < MiniTest::Test
   def test_read_from_stream
-    File.open('test/data/testDirectory.bin', 'rb') do  |file|
+    File.open('test/data/testDirectory.bin', 'rb') do |file|
       entry = ::Zip::Entry.read_c_dir_entry(file)
       assert_equal('longAscii.txt', entry.name)

data/test/data/gpbit3stored.zip ADDED

Binary file

data/test/data/path_traversal/Makefile ADDED

@@ -0,0 +1,10 @@
+# Based on 'relative2' in https://github.com/jwilk/path-traversal-samples,
+# but create the local `tmp` folder before adding the symlink. Otherwise
+# we may bail out before we get to trying to create the file.
+all: relative1.zip
+relative1.zip:
+	rm -f $(@)
+	mkdir -p -m 755 tmp/tmp
+	umask 022 && echo moo > moo
+	cd tmp && zip -X ../$(@) tmp tmp/../../moo
+	rm -rf tmp moo

data/test/data/path_traversal/jwilk/README.md ADDED

@@ -0,0 +1,5 @@
+# Path Traversal Samples
+Copied from https://github.com/jwilk/path-traversal-samples on 2018-08-26.
+License: MIT

data/test/data/path_traversal/jwilk/absolute1.zip ADDED

Binary file

data/test/data/path_traversal/jwilk/absolute2.zip ADDED

Binary file

data/test/data/path_traversal/jwilk/dirsymlink.zip ADDED

Binary file

data/test/data/path_traversal/jwilk/dirsymlink2a.zip ADDED

Binary file

data/test/data/path_traversal/jwilk/dirsymlink2b.zip ADDED

Binary file

data/test/data/path_traversal/jwilk/relative0.zip ADDED

Binary file

data/test/data/path_traversal/jwilk/relative2.zip ADDED

Binary file

data/test/data/path_traversal/jwilk/symlink.zip ADDED

Binary file

data/test/data/path_traversal/relative1.zip ADDED

Binary file

data/test/data/path_traversal/tuzovakaoff/README.md ADDED

@@ -0,0 +1,3 @@
+# Path Traversal Samples
+Copied from https://github.com/tuzovakaoff/zip_path_traversal on 2018-08-25.

data/test/data/path_traversal/tuzovakaoff/absolutepath.zip ADDED

Binary file

data/test/data/path_traversal/tuzovakaoff/symlink.zip ADDED

Binary file

data/test/data/rubycode.zip CHANGED

Binary file

data/test/errors_test.rb CHANGED

@@ -1,4 +1,5 @@
 # encoding: utf-8
 require 'test_helper'
 class ErrorsTest < MiniTest::Test

data/test/file_permissions_test.rb CHANGED

@@ -1,9 +1,8 @@
 require 'test_helper'
 class FilePermissionsTest < MiniTest::Test
-  ZIPNAME = File.join(File.dirname(__FILE__), "umask.zip")
-  FILENAME = File.join(File.dirname(__FILE__), "umask.txt")
+  ZIPNAME = File.join(File.dirname(__FILE__), 'umask.zip')
+  FILENAME = File.join(File.dirname(__FILE__), 'umask.txt')
   def teardown
     ::File.unlink(ZIPNAME)
@@ -16,7 +15,7 @@ class FilePermissionsTest < MiniTest::Test
   end
   def test_umask_000
-    set_umask(0000) do
+    set_umask(0o000) do
       create_files
     end
@@ -24,7 +23,7 @@ class FilePermissionsTest < MiniTest::Test
   end
   def test_umask_066
-    set_umask(0066) do
+    set_umask(0o066) do
       create_files
     end
@@ -32,7 +31,7 @@ class FilePermissionsTest < MiniTest::Test
   end
   def test_umask_027
-    set_umask(0027) do
+    set_umask(0o027) do
       create_files
     end
@@ -48,7 +47,7 @@ class FilePermissionsTest < MiniTest::Test
   def create_files
     ::Zip::File.open(ZIPNAME, ::Zip::File::CREATE) do |zip|
-      zip.comment = "test"
+      zip.comment = 'test'
     end
     ::File.open(FILENAME, 'w') do |file|
@@ -57,13 +56,10 @@ class FilePermissionsTest < MiniTest::Test
   end
   # If anything goes wrong, make sure the umask is restored.
-  def set_umask(umask, &block)
-    begin
-      saved_umask = ::File.umask(umask)
-      yield
-    ensure
-      ::File.umask(saved_umask)
-    end
+  def set_umask(umask)
+    saved_umask = ::File.umask(umask)
+    yield
+  ensure
+    ::File.umask(saved_umask)
   end
 end