azure-pipelines-tasks-webdeployment-common 4.230.4 → 4.230.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/7zip/7zip/7z.dll +0 -0
- package/7zip/7zip/7z.exe +0 -0
- package/7zip/7zip/License.txt +49 -15
- package/Tests/L0.js +2 -0
- package/Tests/L0.ts +2 -0
- package/Tests/L1ZipUtility/potentially_malicious.zip +0 -0
- package/Tests/L1ZipUtility.d.ts +2 -0
- package/Tests/L1ZipUtility.js +23 -0
- package/Tests/L1ZipUtility.ts +15 -0
- package/package.json +1 -1
- package/ziputility.d.ts +1 -1
- package/ziputility.js +21 -20
package/7zip/7zip/7z.dll
CHANGED
|
Binary file
|
package/7zip/7zip/7z.exe
CHANGED
|
Binary file
|
package/7zip/7zip/License.txt
CHANGED
|
@@ -3,19 +3,20 @@
|
|
|
3
3
|
License for use and distribution
|
|
4
4
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
5
5
|
|
|
6
|
-
7-Zip Copyright (C) 1999-
|
|
6
|
+
7-Zip Copyright (C) 1999-2019 Igor Pavlov.
|
|
7
7
|
|
|
8
|
-
|
|
8
|
+
The licenses for files are:
|
|
9
9
|
|
|
10
|
-
1) 7z.dll:
|
|
11
|
-
|
|
10
|
+
1) 7z.dll:
|
|
11
|
+
- The "GNU LGPL" as main license for most of the code
|
|
12
|
+
- The "GNU LGPL" with "unRAR license restriction" for some code
|
|
13
|
+
- The "BSD 3-clause License" for some code
|
|
14
|
+
2) All other files: the "GNU LGPL".
|
|
12
15
|
|
|
13
|
-
|
|
14
|
-
GNU LGPL rules and unRAR restriction rules.
|
|
16
|
+
Redistributions in binary form must reproduce related license information from this file.
|
|
15
17
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
You can use 7-Zip on any computer, including a computer in a commercial
|
|
18
|
+
Note:
|
|
19
|
+
You can use 7-Zip on any computer, including a computer in a commercial
|
|
19
20
|
organization. You don't need to register or pay for 7-Zip.
|
|
20
21
|
|
|
21
22
|
|
|
@@ -32,21 +33,54 @@
|
|
|
32
33
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
33
34
|
Lesser General Public License for more details.
|
|
34
35
|
|
|
35
|
-
You can receive a copy of the GNU Lesser General Public License from
|
|
36
|
+
You can receive a copy of the GNU Lesser General Public License from
|
|
36
37
|
http://www.gnu.org/
|
|
37
38
|
|
|
38
39
|
|
|
39
|
-
unRAR restriction
|
|
40
|
-
-----------------
|
|
41
40
|
|
|
42
|
-
|
|
41
|
+
|
|
42
|
+
BSD 3-clause License
|
|
43
|
+
--------------------
|
|
44
|
+
|
|
45
|
+
The "BSD 3-clause License" is used for the code in 7z.dll that implements LZFSE data decompression.
|
|
46
|
+
That code was derived from the code in the "LZFSE compression library" developed by Apple Inc,
|
|
47
|
+
that also uses the "BSD 3-clause License":
|
|
48
|
+
|
|
49
|
+
----
|
|
50
|
+
Copyright (c) 2015-2016, Apple Inc. All rights reserved.
|
|
51
|
+
|
|
52
|
+
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
|
53
|
+
|
|
54
|
+
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
|
55
|
+
|
|
56
|
+
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
|
|
57
|
+
in the documentation and/or other materials provided with the distribution.
|
|
58
|
+
|
|
59
|
+
3. Neither the name of the copyright holder(s) nor the names of any contributors may be used to endorse or promote products derived
|
|
60
|
+
from this software without specific prior written permission.
|
|
61
|
+
|
|
62
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
63
|
+
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
64
|
+
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
65
|
+
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
66
|
+
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
67
|
+
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
68
|
+
----
|
|
69
|
+
|
|
70
|
+
|
|
71
|
+
|
|
72
|
+
|
|
73
|
+
unRAR license restriction
|
|
74
|
+
-------------------------
|
|
75
|
+
|
|
76
|
+
The decompression engine for RAR archives was developed using source
|
|
43
77
|
code of unRAR program.
|
|
44
78
|
All copyrights to original unRAR code are owned by Alexander Roshal.
|
|
45
79
|
|
|
46
80
|
The license for original unRAR code has the following restriction:
|
|
47
81
|
|
|
48
|
-
The unRAR sources cannot be used to re-create the RAR compression algorithm,
|
|
49
|
-
which is proprietary. Distribution of modified unRAR sources in separate form
|
|
82
|
+
The unRAR sources cannot be used to re-create the RAR compression algorithm,
|
|
83
|
+
which is proprietary. Distribution of modified unRAR sources in separate form
|
|
50
84
|
or as a part of other software is permitted, provided that it is clearly
|
|
51
85
|
stated in the documentation and source comments that the code may
|
|
52
86
|
not be used to develop a RAR (WinRAR) compatible archiver.
|
package/Tests/L0.js
CHANGED
|
@@ -10,6 +10,7 @@ const L1JsonVarSub_1 = require("./L1JsonVarSub");
|
|
|
10
10
|
const L1JsonVarSubV2_1 = require("./L1JsonVarSubV2");
|
|
11
11
|
const L1ValidateFileEncoding_1 = require("./L1ValidateFileEncoding");
|
|
12
12
|
const L0ParameterParserUtility_1 = require("./L0ParameterParserUtility");
|
|
13
|
+
const L1ZipUtility_1 = require("./L1ZipUtility");
|
|
13
14
|
describe('Web deployment common tests', () => {
|
|
14
15
|
describe('GetMSDeployCmdArgs tests', L0MSDeployUtility_1.runGetMSDeployCmdArgsTests);
|
|
15
16
|
describe('GetWebDeployErrorCode tests', L0MSDeployUtility_1.runGetWebDeployErrorCodeTests);
|
|
@@ -22,4 +23,5 @@ describe('Web deployment common tests', () => {
|
|
|
22
23
|
describe("L1JsonVarSubV2 tests", L1JsonVarSubV2_1.runL1JsonVarSubV2Tests);
|
|
23
24
|
describe("L1ValidateFileEncoding tests", L1ValidateFileEncoding_1.runL1ValidateFileEncodingTests);
|
|
24
25
|
describe("ParameterParserUtility tests", L0ParameterParserUtility_1.runParameterParserUtilityTests);
|
|
26
|
+
describe("ZipUtility tests", L1ZipUtility_1.runL1ZipUtilityTests);
|
|
25
27
|
});
|
package/Tests/L0.ts
CHANGED
|
@@ -8,6 +8,7 @@ import { runL1JsonVarSubTests } from "./L1JsonVarSub";
|
|
|
8
8
|
import { runL1JsonVarSubV2Tests } from "./L1JsonVarSubV2";
|
|
9
9
|
import { runL1ValidateFileEncodingTests } from "./L1ValidateFileEncoding";
|
|
10
10
|
import { runParameterParserUtilityTests } from "./L0ParameterParserUtility";
|
|
11
|
+
import { runL1ZipUtilityTests } from "./L1ZipUtility";
|
|
11
12
|
|
|
12
13
|
describe('Web deployment common tests', () => {
|
|
13
14
|
describe('GetMSDeployCmdArgs tests', runGetMSDeployCmdArgsTests);
|
|
@@ -21,4 +22,5 @@ describe('Web deployment common tests', () => {
|
|
|
21
22
|
describe("L1JsonVarSubV2 tests", runL1JsonVarSubV2Tests);
|
|
22
23
|
describe("L1ValidateFileEncoding tests", runL1ValidateFileEncodingTests);
|
|
23
24
|
describe("ParameterParserUtility tests", runParameterParserUtilityTests);
|
|
25
|
+
describe("ZipUtility tests", runL1ZipUtilityTests);
|
|
24
26
|
});
|
|
Binary file
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.runL1ZipUtilityTests = void 0;
|
|
13
|
+
const path = require("path");
|
|
14
|
+
const assert = require("assert");
|
|
15
|
+
const ziputility_1 = require("../ziputility");
|
|
16
|
+
function runL1ZipUtilityTests() {
|
|
17
|
+
it("Should skip ZIP entries validation", () => __awaiter(this, void 0, void 0, function* () {
|
|
18
|
+
const archive = path.join(__dirname, 'L1ZipUtility', 'potentially_malicious.zip');
|
|
19
|
+
const exists = yield ziputility_1.checkIfFilesExistsInZip(archive, ['index.html']);
|
|
20
|
+
assert.strictEqual(exists, true);
|
|
21
|
+
}));
|
|
22
|
+
}
|
|
23
|
+
exports.runL1ZipUtilityTests = runL1ZipUtilityTests;
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import * as path from 'path';
|
|
2
|
+
import assert = require('assert');
|
|
3
|
+
import { checkIfFilesExistsInZip } from "../ziputility";
|
|
4
|
+
|
|
5
|
+
export function runL1ZipUtilityTests(this: Mocha.Suite): void {
|
|
6
|
+
|
|
7
|
+
it("Should skip ZIP entries validation", async () => {
|
|
8
|
+
const archive = path.join(__dirname, 'L1ZipUtility', 'potentially_malicious.zip');
|
|
9
|
+
|
|
10
|
+
const exists = await checkIfFilesExistsInZip(archive, ['index.html']);
|
|
11
|
+
|
|
12
|
+
assert.strictEqual(exists, true);
|
|
13
|
+
});
|
|
14
|
+
|
|
15
|
+
}
|
package/package.json
CHANGED
package/ziputility.d.ts
CHANGED
|
@@ -4,4 +4,4 @@ export declare function archiveFolder(folderPath: any, targetPath: any, zipName:
|
|
|
4
4
|
* Returns array of files present in archived package
|
|
5
5
|
*/
|
|
6
6
|
export declare function getArchivedEntries(archivedPackage: string): Promise<any>;
|
|
7
|
-
export declare function checkIfFilesExistsInZip(archivedPackage: string, files: string[]):
|
|
7
|
+
export declare function checkIfFilesExistsInZip(archivedPackage: string, files: string[]): Promise<boolean>;
|
package/ziputility.js
CHANGED
|
@@ -157,27 +157,28 @@ function getArchivedEntries(archivedPackage) {
|
|
|
157
157
|
}
|
|
158
158
|
exports.getArchivedEntries = getArchivedEntries;
|
|
159
159
|
function checkIfFilesExistsInZip(archivedPackage, files) {
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
}
|
|
164
|
-
const zip = new StreamZip({
|
|
165
|
-
file: archivedPackage,
|
|
166
|
-
storeEntries: true
|
|
167
|
-
});
|
|
168
|
-
zip.on('ready', () => {
|
|
169
|
-
let fileCount = 0;
|
|
170
|
-
for (let entry in zip.entries()) {
|
|
171
|
-
if (files.indexOf(entry.toLowerCase()) != -1) {
|
|
172
|
-
fileCount += 1;
|
|
173
|
-
}
|
|
160
|
+
return new Promise((resolve, reject) => {
|
|
161
|
+
for (let i = 0; i < files.length; i++) {
|
|
162
|
+
files[i] = files[i].toLowerCase();
|
|
174
163
|
}
|
|
175
|
-
zip
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
164
|
+
const zip = new StreamZip({
|
|
165
|
+
file: archivedPackage,
|
|
166
|
+
storeEntries: true,
|
|
167
|
+
skipEntryNameValidation: true
|
|
168
|
+
});
|
|
169
|
+
zip.on('ready', () => {
|
|
170
|
+
let fileCount = 0;
|
|
171
|
+
for (let entry in zip.entries()) {
|
|
172
|
+
if (files.indexOf(entry.toLowerCase()) !== -1) {
|
|
173
|
+
fileCount++;
|
|
174
|
+
}
|
|
175
|
+
}
|
|
176
|
+
zip.close();
|
|
177
|
+
resolve(fileCount === files.length);
|
|
178
|
+
});
|
|
179
|
+
zip.on('error', error => {
|
|
180
|
+
reject(error);
|
|
181
|
+
});
|
|
180
182
|
});
|
|
181
|
-
return deferred.promise;
|
|
182
183
|
}
|
|
183
184
|
exports.checkIfFilesExistsInZip = checkIfFilesExistsInZip;
|