rubyzip/test/file_extract_test.rb

# frozen_string_literal: true

require 'test_helper'

class ZipFileExtractTest < MiniTest::Test
  include CommonZipFileFixture
  EXTRACTED_FILENAME = 'test/data/generated/extEntry'
  ENTRY_TO_EXTRACT, *REMAINING_ENTRIES = TEST_ZIP.entry_names.reverse

  def setup
    super
    ::File.delete(EXTRACTED_FILENAME) if ::File.exist?(EXTRACTED_FILENAME)
  end

  def teardown
    ::Zip.reset!
  end

  def test_extract
    ::Zip::File.open(TEST_ZIP.zip_name) do |zf|
      zf.extract(ENTRY_TO_EXTRACT, EXTRACTED_FILENAME)

      assert(File.exist?(EXTRACTED_FILENAME))
      AssertEntry.assert_contents(EXTRACTED_FILENAME,
                                  zf.get_input_stream(ENTRY_TO_EXTRACT, &:read))

      ::File.unlink(EXTRACTED_FILENAME)

      entry = zf.get_entry(ENTRY_TO_EXTRACT)
      entry.extract(EXTRACTED_FILENAME)

      assert(File.exist?(EXTRACTED_FILENAME))
      AssertEntry.assert_contents(EXTRACTED_FILENAME,
                                  entry.get_input_stream(&:read))
    end
  end

  def test_extract_exists
    text = 'written text'
    ::File.open(EXTRACTED_FILENAME, 'w') { |f| f.write(text) }

    assert_raises(::Zip::DestinationFileExistsError) do
      ::Zip::File.open(TEST_ZIP.zip_name) do |zf|
        zf.extract(zf.entries.first, EXTRACTED_FILENAME)
      end
    end
    File.open(EXTRACTED_FILENAME, 'r') do |f|
      assert_equal(text, f.read)
    end
  end

  def test_extract_exists_overwrite
    text = 'written text'
    ::File.open(EXTRACTED_FILENAME, 'w') { |f| f.write(text) }

    called_correctly = false
    ::Zip::File.open(TEST_ZIP.zip_name) do |zf|
      zf.extract(zf.entries.first, EXTRACTED_FILENAME) do |entry, extract_loc|
        called_correctly = zf.entries.first == entry &&
                           extract_loc == EXTRACTED_FILENAME
        true
      end
    end

    assert(called_correctly)
    ::File.open(EXTRACTED_FILENAME, 'r') do |f|
      assert(text != f.read)
    end
  end

  def test_extract_non_entry
    zf = ::Zip::File.new(TEST_ZIP.zip_name)
    assert_raises(Errno::ENOENT) { zf.extract('nonExistingEntry', 'nonExistingEntry') }
  ensure
    zf.close if zf
  end

  def test_extract_non_entry_2
    out_file = 'outfile'
    assert_raises(Errno::ENOENT) do
      zf = ::Zip::File.new(TEST_ZIP.zip_name)
      non_entry = 'hotdog-diddelidoo'
      assert(!zf.entries.include?(non_entry))
      zf.extract(non_entry, out_file)
      zf.close
    end
    assert(!File.exist?(out_file))
  end

  def test_extract_incorrect_size
    # The uncompressed size fields in the zip file cannot be trusted. This makes
    # it harder for callers to validate the sizes of the files they are
    # extracting, which can lead to denial of service. See also
    # https://en.wikipedia.org/wiki/Zip_bomb
    Dir.mktmpdir do |tmp|
      real_zip = File.join(tmp, 'real.zip')
      fake_zip = File.join(tmp, 'fake.zip')
      file_name = 'a'
      true_size = 500_000
      fake_size = 1

      ::Zip::File.open(real_zip, ::Zip::File::CREATE) do |zf|
        zf.get_output_stream(file_name) do |os|
          os.write 'a' * true_size
        end
      end

      compressed_size = nil
      ::Zip::File.open(real_zip) do |zf|
        a_entry = zf.find_entry(file_name)
        compressed_size = a_entry.compressed_size
        assert_equal true_size, a_entry.size
      end

      true_size_bytes = [compressed_size, true_size, file_name.size].pack('VVv')
      fake_size_bytes = [compressed_size, fake_size, file_name.size].pack('VVv')

      data = File.binread(real_zip)
      assert data.include?(true_size_bytes)
      data.gsub! true_size_bytes, fake_size_bytes

      File.open(fake_zip, 'wb') do |file|
        file.write data
      end

      Dir.chdir tmp do
        ::Zip::File.open(fake_zip) do |zf|
          a_entry = zf.find_entry(file_name)
          assert_equal fake_size, a_entry.size

          ::Zip.validate_entry_sizes = false
          assert_output('', /.+\'a\'.+1B.+/) do
            a_entry.extract
          end
          assert_equal true_size, File.size(file_name)
          FileUtils.rm file_name

          ::Zip.validate_entry_sizes = true
          error = assert_raises ::Zip::EntrySizeError do
            a_entry.extract
          end
          assert_equal \
            "entry 'a' should be 1B, but is larger when inflated.",
            error.message
        end
      end
    end
  end
end
Fix Style/FrozenStringLiteralComment cop. 2021-05-24 01:24:22 +08:00			`# frozen_string_literal: true`

Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`require 'test_helper'`

Update tests to use the minitest 5.x API. MiniTest::Unit::TestCase -> MiniTest::Test MiniTest::Unit.after_tests -> MiniTest.after_run 2014-07-15 23:23:48 +08:00			`class ZipFileExtractTest < MiniTest::Test`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`include CommonZipFileFixture`
fix rubocop Style/StringLiterals cop 2015-03-21 16:27:44 +08:00			`EXTRACTED_FILENAME = 'test/data/generated/extEntry'`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`ENTRY_TO_EXTRACT, *REMAINING_ENTRIES = TEST_ZIP.entry_names.reverse`

			`def setup`
			`super`
File.exists? -> File.exist? 2014-02-07 07:00:38 +08:00			`::File.delete(EXTRACTED_FILENAME) if ::File.exist?(EXTRACTED_FILENAME)`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`end`

Validate entry sizes when extracting 2019-09-13 05:01:38 +08:00			`def teardown`
			`::Zip.reset!`
			`end`

Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`def test_extract`
fix rubocop Style/Blocks cop 2015-03-21 16:10:37 +08:00			`::Zip::File.open(TEST_ZIP.zip_name) do \|zf\|`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`zf.extract(ENTRY_TO_EXTRACT, EXTRACTED_FILENAME)`

File.exists? -> File.exist? 2014-02-07 07:00:38 +08:00			`assert(File.exist?(EXTRACTED_FILENAME))`
fix rubocop Style/ColonMethodCall cop 2015-03-21 16:16:06 +08:00			`AssertEntry.assert_contents(EXTRACTED_FILENAME,`
Fix Style/SymbolProc cop. 2019-09-27 05:38:28 +08:00			`zf.get_input_stream(ENTRY_TO_EXTRACT, &:read))`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00
			`::File.unlink(EXTRACTED_FILENAME)`

			`entry = zf.get_entry(ENTRY_TO_EXTRACT)`
			`entry.extract(EXTRACTED_FILENAME)`

File.exists? -> File.exist? 2014-02-07 07:00:38 +08:00			`assert(File.exist?(EXTRACTED_FILENAME))`
fix rubocop Style/ColonMethodCall cop 2015-03-21 16:16:06 +08:00			`AssertEntry.assert_contents(EXTRACTED_FILENAME,`
Fix Style/SymbolProc cop. 2019-09-27 05:38:28 +08:00			`entry.get_input_stream(&:read))`
fix rubocop Style/Blocks cop 2015-03-21 16:10:37 +08:00			`end`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`end`

fix rubocop Style/MethodName cop 2015-03-25 00:02:54 +08:00			`def test_extract_exists`
Fix Naming/VariableName cop in the tests. 2020-02-19 18:52:49 +08:00			`text = 'written text'`
			`::File.open(EXTRACTED_FILENAME, 'w') { \|f\| f.write(text) }`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00
fix rubocop Style/Blocks cop 2015-03-21 16:10:37 +08:00			`assert_raises(::Zip::DestinationFileExistsError) do`
			`::Zip::File.open(TEST_ZIP.zip_name) do \|zf\|`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`zf.extract(zf.entries.first, EXTRACTED_FILENAME)`
fix rubocop Style/Blocks cop 2015-03-21 16:10:37 +08:00			`end`
			`end`
fix rubocop Style/StringLiterals cop 2015-03-21 16:27:44 +08:00			`File.open(EXTRACTED_FILENAME, 'r') do \|f\|`
Fix Naming/VariableName cop in the tests. 2020-02-19 18:52:49 +08:00			`assert_equal(text, f.read)`
fix rubocop Style/Blocks cop 2015-03-21 16:10:37 +08:00			`end`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`end`

fix rubocop Style/MethodName cop 2015-03-25 00:02:54 +08:00			`def test_extract_exists_overwrite`
Fix Naming/VariableName cop in the tests. 2020-02-19 18:52:49 +08:00			`text = 'written text'`
			`::File.open(EXTRACTED_FILENAME, 'w') { \|f\| f.write(text) }`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00
Fix Naming/VariableName cop in the tests. 2020-02-19 18:52:49 +08:00			`called_correctly = false`
fix rubocop Style/Blocks cop 2015-03-21 16:10:37 +08:00			`::Zip::File.open(TEST_ZIP.zip_name) do \|zf\|`
Fix Naming/BlockParameterName cop. 2020-02-18 06:35:08 +08:00			`zf.extract(zf.entries.first, EXTRACTED_FILENAME) do \|entry, extract_loc\|`
Fix Naming/VariableName cop in the tests. 2020-02-19 18:52:49 +08:00			`called_correctly = zf.entries.first == entry &&`
			`extract_loc == EXTRACTED_FILENAME`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`true`
fix rubocop Style/Blocks cop 2015-03-21 16:10:37 +08:00			`end`
			`end`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00
Fix Naming/VariableName cop in the tests. 2020-02-19 18:52:49 +08:00			`assert(called_correctly)`
fix rubocop Style/StringLiterals cop 2015-03-21 16:27:44 +08:00			`::File.open(EXTRACTED_FILENAME, 'r') do \|f\|`
Fix Naming/VariableName cop in the tests. 2020-02-19 18:52:49 +08:00			`assert(text != f.read)`
fix rubocop Style/Blocks cop 2015-03-21 16:10:37 +08:00			`end`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`end`

fix rubocop Style/MethodName cop 2015-03-25 00:02:54 +08:00			`def test_extract_non_entry`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`zf = ::Zip::File.new(TEST_ZIP.zip_name)`
fix rubocop Style/StringLiterals cop 2015-03-21 16:27:44 +08:00			`assert_raises(Errno::ENOENT) { zf.extract('nonExistingEntry', 'nonExistingEntry') }`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`ensure`
			`zf.close if zf`
			`end`

fix rubocop Style/MethodName cop 2015-03-25 00:02:54 +08:00			`def test_extract_non_entry_2`
Fix Naming/VariableName cop in the tests. 2020-02-19 18:52:49 +08:00			`out_file = 'outfile'`
fix rubocop Style/Blocks cop 2015-03-21 16:10:37 +08:00			`assert_raises(Errno::ENOENT) do`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`zf = ::Zip::File.new(TEST_ZIP.zip_name)`
Fix Naming/VariableName cop in the tests. 2020-02-19 18:52:49 +08:00			`non_entry = 'hotdog-diddelidoo'`
			`assert(!zf.entries.include?(non_entry))`
			`zf.extract(non_entry, out_file)`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`zf.close`
fix rubocop Style/Blocks cop 2015-03-21 16:10:37 +08:00			`end`
Fix Naming/VariableName cop in the tests. 2020-02-19 18:52:49 +08:00			`assert(!File.exist?(out_file))`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`end`
Validate entry sizes when extracting 2019-09-13 05:01:38 +08:00
			`def test_extract_incorrect_size`
			`# The uncompressed size fields in the zip file cannot be trusted. This makes`
			`# it harder for callers to validate the sizes of the files they are`
			`# extracting, which can lead to denial of service. See also`
			`# https://en.wikipedia.org/wiki/Zip_bomb`
			`Dir.mktmpdir do \|tmp\|`
			`real_zip = File.join(tmp, 'real.zip')`
			`fake_zip = File.join(tmp, 'fake.zip')`
			`file_name = 'a'`
			`true_size = 500_000`
			`fake_size = 1`

			`::Zip::File.open(real_zip, ::Zip::File::CREATE) do \|zf\|`
			`zf.get_output_stream(file_name) do \|os\|`
			`os.write 'a' * true_size`
			`end`
			`end`

			`compressed_size = nil`
			`::Zip::File.open(real_zip) do \|zf\|`
			`a_entry = zf.find_entry(file_name)`
			`compressed_size = a_entry.compressed_size`
			`assert_equal true_size, a_entry.size`
			`end`

test/file_extract_test.rb: fix test_extract_incorrect_size in s390x arch Using the current pack directives makes test_extract_incorrect_size fail in s390x architecture because of the endian probably. This is the output of the command executed by the test in amd64: irb(main):001:0> [501, 500000, 1].pack('LLS') => "\xF5\x01\x00\x00 \xA1\a\x00\x01\x00" And the output of the same command in s390x: irb(main):001:0> [501, 500000, 1].pack('LLS') => "\x00\x00\x01\xF5\x00\a\xA1 \x00\x01" Changing to 'VVv' pack directives like is used in lib/zib/entry.rb fixes the test in s390x and does not add a regression in amd64. 2020-03-26 01:45:09 +08:00			`true_size_bytes = [compressed_size, true_size, file_name.size].pack('VVv')`
			`fake_size_bytes = [compressed_size, fake_size, file_name.size].pack('VVv')`
Validate entry sizes when extracting 2019-09-13 05:01:38 +08:00
			`data = File.binread(real_zip)`
			`assert data.include?(true_size_bytes)`
			`data.gsub! true_size_bytes, fake_size_bytes`

			`File.open(fake_zip, 'wb') do \|file\|`
			`file.write data`
			`end`

			`Dir.chdir tmp do`
			`::Zip::File.open(fake_zip) do \|zf\|`
			`a_entry = zf.find_entry(file_name)`
			`assert_equal fake_size, a_entry.size`

			`::Zip.validate_entry_sizes = false`
Update tests to check error messages. Check that they say the right things and are on stderr, not stdout. A nice side effect of this is that it cleans up the test output. 2019-10-13 22:40:49 +08:00			`assert_output('', /.+\'a\'.+1B.+/) do`
			`a_entry.extract`
			`end`
Validate entry sizes when extracting 2019-09-13 05:01:38 +08:00			`assert_equal true_size, File.size(file_name)`
			`FileUtils.rm file_name`

			`::Zip.validate_entry_sizes = true`
			`error = assert_raises ::Zip::EntrySizeError do`
			`a_entry.extract`
			`end`
			`assert_equal \`
Make warning messages consistent. And fix a few spelling mistakes. 2019-10-12 14:26:15 +08:00			`"entry 'a' should be 1B, but is larger when inflated.",`
Validate entry sizes when extracting 2019-09-13 05:01:38 +08:00			`error.message`
			`end`
			`end`
			`end`
			`end`
Split all tests to small files. Move to minitest 2014-01-21 05:31:06 +08:00			`end`