rubyzip 1.2.1 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 1b7ea085db9b27be420d541113214a73ee044c9f
-  data.tar.gz: ea28ff723bfd70f2e6f7a02f4fe28b805aa4a47e
+SHA256:
+  metadata.gz: 4e2be8aa3dea85f1e99fa26b5b2530ede874228f35379181d5219eb3864a0e33
+  data.tar.gz: '0985b8cd0b421a0bdf83953ba907ddad52d236948a81a242f322f0f5fa2145a6'
 SHA512:
-  metadata.gz: 121d7129aa37b72da82b32882401b7837c9cface1edf1b8bfb911cd20a55b2ecdacd308de9b7ed0cb6bc0b45d9d974faf28826efe191ddc36d3eb8431f8fe6f0
-  data.tar.gz: b1ef9770bcd133de33f61642665d511a11aff21aba880cf1226df0c8e1b3602833679384d76bf6877b19567406f7bd9a60de8bd78aded3f303660fbb80b31bb7
+  metadata.gz: c870bef8352ddb4e706a847f66da596fe556938d1b1422c3541f8ab24aa10bbdb6be577cd031853459101e24a4290aa816436834d1cae66dd26238b451f41d15
+  data.tar.gz: bb5c8ca7d286346bfad64a6e1bd637cb8a40a99974bc62fbd76ea1a5ee139d16dcf52a8480cc219e48e311d84046feafab2c497cfbeb0721940a06a5c7a163a2

data/README.md

@@ -1,4 +1,5 @@
 # rubyzip
+
 [![Gem Version](https://badge.fury.io/rb/rubyzip.svg)](http://badge.fury.io/rb/rubyzip)
 [![Build Status](https://secure.travis-ci.org/rubyzip/rubyzip.svg)](http://travis-ci.org/rubyzip/rubyzip)
 [![Code Climate](https://codeclimate.com/github/rubyzip/rubyzip.svg)](https://codeclimate.com/github/rubyzip/rubyzip)
@@ -19,9 +20,10 @@ gem 'zip-zip' # will load compatibility for old rubyzip API.
 
 ## Requirements
 
-* Ruby 1.9.2 or greater
+- Ruby 2.4 or greater (for rubyzip 2.0; use 1.x for older rubies)
 
 ## Installation
+
 Rubyzip is available on RubyGems:
 
 ```
@@ -52,14 +54,15 @@ Zip::File.open(zipfile_name, Zip::File::CREATE) do |zipfile|
     # Two arguments:
     # - The name of the file as it will appear in the archive
     # - The original file, including the path to find it
-    zipfile.add(filename, folder + '/' + filename)
+    zipfile.add(filename, File.join(folder, filename))
   end
-  zipfile.get_output_stream("myFile") { |os| os.write "myFile contains just this" }
+  zipfile.get_output_stream("myFile") { |f| f.write "myFile contains just this" }
 end
 ```
 
 ### Zipping a directory recursively
-Copy from [here](https://github.com/rubyzip/rubyzip/blob/05916bf89181e1955118fd3ea059f18acac28cc8/samples/example_recursive.rb )
+
+Copy from [here](https://github.com/rubyzip/rubyzip/blob/9d891f7353e66052283562d3e252fe380bb4b199/samples/example_recursive.rb)
 
 ```ruby
 require 'zip'
@@ -83,40 +86,37 @@ class ZipFileGenerator
 
   # Zip the input directory.
   def write
-    entries = Dir.entries(@input_dir) - %w(. ..)
+    entries = Dir.entries(@input_dir) - %w[. ..]
 
-    ::Zip::File.open(@output_file, ::Zip::File::CREATE) do |io|
-      write_entries entries, '', io
+    ::Zip::File.open(@output_file, ::Zip::File::CREATE) do |zipfile|
+      write_entries entries, '', zipfile
     end
   end
 
   private
 
   # A helper method to make the recursion work.
-  def write_entries(entries, path, io)
+  def write_entries(entries, path, zipfile)
     entries.each do |e|
-      zip_file_path = path == '' ? e : File.join(path, e)
-      disk_file_path = File.join(@input_dir, zip_file_path)
-      puts "Deflating #{disk_file_path}"
+      zipfile_path = path == '' ? e : File.join(path, e)
+      disk_file_path = File.join(@input_dir, zipfile_path)
 
       if File.directory? disk_file_path
-        recursively_deflate_directory(disk_file_path, io, zip_file_path)
+        recursively_deflate_directory(disk_file_path, zipfile, zipfile_path)
       else
-        put_into_archive(disk_file_path, io, zip_file_path)
+        put_into_archive(disk_file_path, zipfile, zipfile_path)
       end
     end
   end
 
-  def recursively_deflate_directory(disk_file_path, io, zip_file_path)
-    io.mkdir zip_file_path
-    subdir = Dir.entries(disk_file_path) - %w(. ..)
-    write_entries subdir, zip_file_path, io
+  def recursively_deflate_directory(disk_file_path, zipfile, zipfile_path)
+    zipfile.mkdir zipfile_path
+    subdir = Dir.entries(disk_file_path) - %w[. ..]
+    write_entries subdir, zipfile_path, zipfile
   end
 
-  def put_into_archive(disk_file_path, io, zip_file_path)
-    io.get_output_stream(zip_file_path) do |f|
-      f.write(File.open(disk_file_path, 'rb').read)
-    end
+  def put_into_archive(disk_file_path, zipfile, zipfile_path)
+    zipfile.add(zipfile_path, disk_file_path)
   end
 end
 ```
@@ -152,12 +152,15 @@ When modifying a zip archive the file permissions of the archive are preserved.
 ### Reading a Zip file
 
 ```ruby
+MAX_SIZE = 1024**2 # 1MiB (but of course you can increase this)
 Zip::File.open('foo.zip') do |zip_file|
   # Handle entries one by one
   zip_file.each do |entry|
-    # Extract to file/directory/symlink
     puts "Extracting #{entry.name}"
-    entry.extract(dest_file)
+    raise 'File too large when extracted' if entry.size > MAX_SIZE
+
+    # Extract to file or directory based on name in the archive
+    entry.extract
 
     # Read into memory
     content = entry.get_input_stream.read
@@ -165,6 +168,7 @@ Zip::File.open('foo.zip') do |zip_file|
 
   # Find specific entry
   entry = zip_file.glob('*.csv').first
+  raise 'File too large when extracted' if entry.size > MAX_SIZE
   puts entry.get_input_stream.read
 end
 ```
@@ -175,9 +179,7 @@ end
 
 But there is one exception when it is not working - General Purpose Flag Bit 3.
 
-```
-If bit 3 (0x08) of the general-purpose flags field is set, then the CRC-32 and file sizes are not known when the header is written. The fields in the local header are filled with zero, and the CRC-32 and size are appended in a 12-byte structure (optionally preceded by a 4-byte signature) immediately after the compressed data
-```
+> If bit 3 (0x08) of the general-purpose flags field is set, then the CRC-32 and file sizes are not known when the header is written. The fields in the local header are filled with zero, and the CRC-32 and size are appended in a 12-byte structure (optionally preceded by a 4-byte signature) immediately after the compressed data
 
 If `::Zip::InputStream` finds such entry in the zip archive it will raise an exception.
 
@@ -221,7 +223,9 @@ File.open(new_path, "wb") {|f| f.write(buffer.string) }
 
 ## Configuration
 
-By default, rubyzip will not overwrite files if they already exist inside of the extracted path.  To change this behavior, you may specify a configuration option like so:
+### Existing Files
+
+By default, rubyzip will not overwrite files if they already exist inside of the extracted path. To change this behavior, you may specify a configuration option like so:
 
 ```ruby
 Zip.on_exists_proc = true
@@ -235,25 +239,77 @@ Additionally, if you want to configure rubyzip to overwrite existing files while
 Zip.continue_on_exists_proc = true
 ```
 
+### Non-ASCII Names
+
 If you want to store non-english names and want to open them on Windows(pre 7) you need to set this option:
 
 ```ruby
 Zip.unicode_names = true
 ```
 
+Sometimes file names inside zip contain non-ASCII characters. If you can assume which encoding was used for such names and want to be able to find such entries using `find_entry` then you can force assumed encoding like so:
+
+```ruby
+Zip.force_entry_names_encoding = 'UTF-8'
+```
+
+Allowed encoding names are the same as accepted by `String#force_encoding`
+
+### Date Validation
+
 Some zip files might have an invalid date format, which will raise a warning. You can hide this warning with the following setting:
 
 ```ruby
 Zip.warn_invalid_date = false
 ```
 
+### Size Validation
+
+By default (in rubyzip >= 2.0), rubyzip's `extract` method checks that an entry's reported uncompressed size is not (significantly) smaller than its actual size. This is to help you protect your application against [zip bombs](https://en.wikipedia.org/wiki/Zip_bomb). Before `extract`ing an entry, you should check that its size is in the range you expect. For example, if your application supports processing up to 100 files at once, each up to 10MiB, your zip extraction code might look like:
+
+```ruby
+MAX_FILE_SIZE = 10 * 1024**2 # 10MiB
+MAX_FILES = 100
+Zip::File.open('foo.zip') do |zip_file|
+  num_files = 0
+  zip_file.each do |entry|
+    num_files += 1 if entry.file?
+    raise 'Too many extracted files' if num_files > MAX_FILES
+    raise 'File too large when extracted' if entry.size > MAX_FILE_SIZE
+    entry.extract
+  end
+end
+```
+
+If you need to extract zip files that report incorrect uncompressed sizes and you really trust them not too be too large, you can disable this setting with
+```ruby
+Zip.validate_entry_sizes = false
+```
+
+Note that if you use the lower level `Zip::InputStream` interface, `rubyzip` does *not* check the entry `size`s. In this case, the caller is responsible for making sure it does not read more data than expected from the input stream.
+
+### Default Compression
+
 You can set the default compression level like so:
 
 ```ruby
 Zip.default_compression = Zlib::DEFAULT_COMPRESSION
 ```
+
 It defaults to `Zlib::DEFAULT_COMPRESSION`. Possible values are `Zlib::BEST_COMPRESSION`, `Zlib::DEFAULT_COMPRESSION` and `Zlib::NO_COMPRESSION`
 
+### Zip64 Support
+
+By default, Zip64 support is disabled for writing. To enable it do this:
+
+```ruby
+Zip.write_zip64_support = true
+```
+
+_NOTE_: If you will enable Zip64 writing then you will need zip extractor with Zip64 support to extract archive.
+
+### Block Form
+
 You can set multiple settings at the same time by using a block:
 
 ```ruby
@@ -265,14 +321,6 @@ You can set multiple settings at the same time by using a block:
   end
 ```
 
-By default, Zip64 support is disabled for writing. To enable it do this:
-
-```ruby
-Zip.write_zip64_support = true
-```
-
-_NOTE_: If you will enable Zip64 writing then you will need zip extractor with Zip64 support to extract archive.
-
 ## Developing
 
 To run the test you need to do this:

data/lib/zip.rb

@@ -34,7 +34,16 @@ require 'zip/errors'
 
 module Zip
   extend self
-  attr_accessor :unicode_names, :on_exists_proc, :continue_on_exists_proc, :sort_entries, :default_compression, :write_zip64_support, :warn_invalid_date, :case_insensitive_match
+  attr_accessor :unicode_names,
+                :on_exists_proc,
+                :continue_on_exists_proc,
+                :sort_entries,
+                :default_compression,
+                :write_zip64_support,
+                :warn_invalid_date,
+                :case_insensitive_match,
+                :force_entry_names_encoding,
+                :validate_entry_sizes
 
   def reset!
     @_ran_once = false
@@ -46,6 +55,7 @@ module Zip
     @write_zip64_support = false
     @warn_invalid_date = true
     @case_insensitive_match = false
+    @validate_entry_sizes = true
   end
 
   def setup

data/lib/zip/central_directory.rb

@@ -96,7 +96,7 @@ module Zip
       @size_in_bytes                                = Entry.read_zip_64_long(buf)
       @cdir_offset                                  = Entry.read_zip_64_long(buf)
       @zip_64_extensible                            = buf.slice!(0, buf.bytesize)
-      raise Error, 'Zip consistency problem while reading eocd structure' unless buf.size == 0
+      raise Error, 'Zip consistency problem while reading eocd structure' unless buf.empty?
     end
 
     def read_e_o_c_d(buf) #:nodoc:
@@ -113,7 +113,7 @@ module Zip
                                                       else
                                                         buf.read(comment_length)
                                                       end
-      raise Error, 'Zip consistency problem while reading eocd structure' unless buf.size == 0
+      raise Error, 'Zip consistency problem while reading eocd structure' unless buf.empty?
     end
 
     def read_central_directory_entries(io) #:nodoc:
@@ -130,7 +130,7 @@ module Zip
 
     def read_from_stream(io) #:nodoc:
       buf = start_buf(io)
-      if self.zip64_file?(buf)
+      if zip64_file?(buf)
         read_64_e_o_c_d(buf)
       else
         read_e_o_c_d(buf)

data/lib/zip/compressor.rb

@@ -1,7 +1,6 @@
 module Zip
   class Compressor #:nodoc:all
-    def finish
-    end
+    def finish; end
   end
 end
 

data/lib/zip/constants.rb

@@ -11,9 +11,9 @@ module Zip
   VERSION_NEEDED_TO_EXTRACT              = 20
   VERSION_NEEDED_TO_EXTRACT_ZIP64        = 45
 
-  FILE_TYPE_FILE    = 010
-  FILE_TYPE_DIR     = 004
-  FILE_TYPE_SYMLINK = 012
+  FILE_TYPE_FILE    = 0o10
+  FILE_TYPE_DIR     = 0o04
+  FILE_TYPE_SYMLINK = 0o12
 
   FSTYPE_FAT      = 0
   FSTYPE_AMIGA    = 1

data/lib/zip/crypto/null_encryption.rb

@@ -24,8 +24,7 @@ module Zip
       ''
     end
 
-    def reset!
-    end
+    def reset!; end
   end
 
   class NullDecrypter < Decrypter
@@ -35,8 +34,7 @@ module Zip
       data
     end
 
-    def reset!(_header)
-    end
+    def reset!(_header); end
   end
 end
 

data/lib/zip/decompressor.rb

@@ -1,5 +1,5 @@
 module Zip
-  class Decompressor  #:nodoc:all
+  class Decompressor #:nodoc:all
     CHUNK_SIZE = 32_768
     def initialize(input_stream)
       super()

data/lib/zip/dos_time.rb

@@ -19,7 +19,7 @@ module Zip
     end
 
     def to_binary_dos_date
-      (day) +
+      day +
         (month << 5) +
         ((year - 1980) << 9)
     end

data/lib/zip/entry.rb

@@ -1,3 +1,4 @@
+require 'pathname'
 module Zip
   class Entry
     STORED   = 0
@@ -99,7 +100,7 @@ module Zip
     end
 
     # Dynamic checkers
-    %w(directory file symlink).each do |k|
+    %w[directory file symlink].each do |k|
       define_method "#{k}?" do
         file_type_is?(k.to_sym)
       end
@@ -109,6 +110,17 @@ module Zip
       @name.end_with?('/')
     end
 
+    # Is the name a relative path, free of `..` patterns that could lead to
+    # path traversal attacks? This does NOT handle symlinks; if the path
+    # contains symlinks, this check is NOT enough to guarantee safety.
+    def name_safe?
+      cleanpath = Pathname.new(@name).cleanpath
+      return false unless cleanpath.relative?
+      root = ::File::SEPARATOR
+      naive_expanded_path = ::File.join(root, cleanpath.to_s)
+      ::File.absolute_path(cleanpath.to_s, root) == naive_expanded_path
+    end
+
     def local_entry_offset #:nodoc:all
       local_header_offset + @local_header_size
     end
@@ -147,14 +159,17 @@ module Zip
     end
 
     # Extracts entry to file dest_path (defaults to @name).
-    def extract(dest_path = @name, &block)
-      block ||= proc { ::Zip.on_exists_proc }
-
-      if @name.squeeze('/') =~ /\.{2}(?:\/|\z)/
-        puts "WARNING: skipped \"../\" path component(s) in #{@name}"
+    # NB: The caller is responsible for making sure dest_path is safe, if it
+    # is passed.
+    def extract(dest_path = nil, &block)
+      if dest_path.nil? && !name_safe?
+        puts "WARNING: skipped #{@name} as unsafe"
         return self
       end
 
+      dest_path ||= @name
+      block ||= proc { ::Zip.on_exists_proc }
+
       if directory? || file? || symlink?
         __send__("create_#{@ftype}", dest_path, &block)
       else
@@ -239,7 +254,10 @@ module Zip
       @name = io.read(@name_length)
       extra = io.read(@extra_length)
 
-      @name.gsub!('\\', '/')
+      @name.tr!('\\', '/')
+      if ::Zip.force_entry_names_encoding
+        @name.force_encoding(::Zip.force_entry_names_encoding)
+      end
 
       if extra && extra.bytesize != @extra_length
         raise ::Zip::Error, 'Truncated local zip entry header'
@@ -258,13 +276,13 @@ module Zip
       zip64 = @extra['Zip64']
       [::Zip::LOCAL_ENTRY_SIGNATURE,
        @version_needed_to_extract, # version needed to extract
-       @gp_flags, # @gp_flags                  ,
+       @gp_flags, # @gp_flags
        @compression_method,
-       @time.to_binary_dos_time, # @last_mod_time              ,
-       @time.to_binary_dos_date, # @last_mod_date              ,
+       @time.to_binary_dos_time, # @last_mod_time
+       @time.to_binary_dos_date, # @last_mod_date
        @crc,
-       (zip64 && zip64.compressed_size) ? 0xFFFFFFFF : @compressed_size,
-       (zip64 && zip64.original_size) ? 0xFFFFFFFF : @size,
+       zip64 && zip64.compressed_size ? 0xFFFFFFFF : @compressed_size,
+       zip64 && zip64.original_size ? 0xFFFFFFFF : @size,
        name_size,
        @extra ? @extra.local_size : 0].pack('VvvvvvVVVvv')
     end
@@ -308,7 +326,7 @@ module Zip
     def set_ftype_from_c_dir_entry
       @ftype = case @fstype
                when ::Zip::FSTYPE_UNIX
-                 @unix_perms = (@external_file_attributes >> 16) & 07777
+                 @unix_perms = (@external_file_attributes >> 16) & 0o7777
                  case (@external_file_attributes >> 28)
                  when ::Zip::FILE_TYPE_DIR
                    :directory
@@ -364,6 +382,9 @@ module Zip
       check_c_dir_entry_signature
       set_time(@last_mod_date, @last_mod_time)
       @name = io.read(@name_length)
+      if ::Zip.force_entry_names_encoding
+        @name.force_encoding(::Zip.force_entry_names_encoding)
+      end
       read_c_dir_extra_field(io)
       @comment = io.read(@comment_length)
       check_c_dir_entry_comment_size
@@ -384,14 +405,14 @@ module Zip
       stat        = file_stat(path)
       @unix_uid   = stat.uid
       @unix_gid   = stat.gid
-      @unix_perms = stat.mode & 07777
+      @unix_perms = stat.mode & 0o7777
     end
 
     def set_unix_permissions_on_path(dest_path)
       # BUG: does not update timestamps into account
       # ignore setuid/setgid bits by default.  honor if @restore_ownership
-      unix_perms_mask = 01777
-      unix_perms_mask = 07777 if @restore_ownership
+      unix_perms_mask = 0o1777
+      unix_perms_mask = 0o7777 if @restore_ownership
       ::FileUtils.chmod(@unix_perms & unix_perms_mask, dest_path) if @restore_permissions && @unix_perms
       ::FileUtils.chown(@unix_uid, @unix_gid, dest_path) if @restore_ownership && @unix_uid && @unix_gid && ::Process.egid == 0
       # File::utimes()
@@ -412,21 +433,21 @@ module Zip
         @header_signature,
         @version, # version of encoding software
         @fstype, # filesystem type
-        @version_needed_to_extract, # @versionNeededToExtract           ,
-        @gp_flags, # @gp_flags                          ,
+        @version_needed_to_extract, # @versionNeededToExtract
+        @gp_flags, # @gp_flags
         @compression_method,
-        @time.to_binary_dos_time, # @last_mod_time                      ,
-        @time.to_binary_dos_date, # @last_mod_date                      ,
+        @time.to_binary_dos_time, # @last_mod_time
+        @time.to_binary_dos_date, # @last_mod_date
         @crc,
-        (zip64 && zip64.compressed_size) ? 0xFFFFFFFF : @compressed_size,
-        (zip64 && zip64.original_size) ? 0xFFFFFFFF : @size,
+        zip64 && zip64.compressed_size ? 0xFFFFFFFF : @compressed_size,
+        zip64 && zip64.original_size ? 0xFFFFFFFF : @size,
         name_size,
         @extra ? @extra.c_dir_size : 0,
         comment_size,
-        (zip64 && zip64.disk_start_number) ? 0xFFFF : 0, # disk number start
+        zip64 && zip64.disk_start_number ? 0xFFFF : 0, # disk number start
         @internal_file_attributes, # file type (binary=0, text=1)
         @external_file_attributes, # native filesystem attributes
-        (zip64 && zip64.relative_header_offset) ? 0xFFFFFFFF : @local_header_offset,
+        zip64 && zip64.relative_header_offset ? 0xFFFFFFFF : @local_header_offset,
         @name,
         @extra,
         @comment
@@ -439,18 +460,18 @@ module Zip
       when ::Zip::FSTYPE_UNIX
         ft = case @ftype
              when :file
-               @unix_perms ||= 0644
+               @unix_perms ||= 0o644
                ::Zip::FILE_TYPE_FILE
              when :directory
-               @unix_perms ||= 0755
+               @unix_perms ||= 0o755
                ::Zip::FILE_TYPE_DIR
              when :symlink
-               @unix_perms ||= 0755
+               @unix_perms ||= 0o755
                ::Zip::FILE_TYPE_SYMLINK
              end
 
         unless ft.nil?
-          @external_file_attributes = (ft << 12 | (@unix_perms & 07777)) << 16
+          @external_file_attributes = (ft << 12 | (@unix_perms & 0o7777)) << 16
         end
       end
 
@@ -464,7 +485,7 @@ module Zip
     def ==(other)
       return false unless other.class == self.class
       # Compares contents of local entry and exposed fields
-      keys_equal = %w(compression_method crc compressed_size size name extra filepath).all? do |k|
+      keys_equal = %w[compression_method crc compressed_size size name extra filepath].all? do |k|
         other.__send__(k.to_sym) == __send__(k.to_sym)
       end
       keys_equal && time.dos_equals(other.time)
@@ -494,7 +515,7 @@ module Zip
         end
       else
         zis = ::Zip::InputStream.new(@zipfile, local_header_offset)
-        zis.instance_variable_set(:@internal, true)
+        zis.instance_variable_set(:@complete_entry, self)
         zis.get_next_entry
         if block_given?
           begin
@@ -582,9 +603,21 @@ module Zip
         get_input_stream do |is|
           set_extra_attributes_on_path(dest_path)
 
-          buf = ''
+          bytes_written = 0
+          warned = false
+          buf = ''.dup
           while (buf = is.sysread(::Zip::Decompressor::CHUNK_SIZE, buf))
             os << buf
+            bytes_written += buf.bytesize
+            if bytes_written > size && !warned
+              message = "Entry #{name} should be #{size}B but is larger when inflated"
+              if ::Zip.validate_entry_sizes
+                raise ::Zip::EntrySizeError, message
+              else
+                puts "WARNING: #{message}"
+                warned = true
+              end
+            end
           end
         end
       end
@@ -607,32 +640,9 @@ module Zip
 
     # BUG: create_symlink() does not use &block
     def create_symlink(dest_path)
-      stat = nil
-      begin
-        stat = ::File.lstat(dest_path)
-      rescue Errno::ENOENT
-      end
-
-      io     = get_input_stream
-      linkto = io.read
-
-      if stat
-        if stat.symlink?
-          if ::File.readlink(dest_path) == linkto
-            return
-          else
-            raise ::Zip::DestinationFileExistsError,
-                  "Cannot create symlink '#{dest_path}'. " \
-                      'A symlink already exists with that name'
-          end
-        else
-          raise ::Zip::DestinationFileExistsError,
-                "Cannot create symlink '#{dest_path}'. " \
-                    'A file already exists with that name'
-        end
-      end
-
-      ::File.symlink(linkto, dest_path)
+      # TODO: Symlinks pose security challenges. Symlink support temporarily
+      # removed in view of https://github.com/rubyzip/rubyzip/issues/369 .
+      puts "WARNING: skipped symlink #{dest_path}"
     end
 
     # apply missing data from the zip64 extra information field, if present