This is an automated email from the ASF dual-hosted git repository. heneveld pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
commit 1b8279767fd105032529577bc8deeb829c49d7e0 Author: Juan Cabrerizo <[email protected]> AuthorDate: Tue Nov 29 16:14:53 2022 +0000 address PR comments --- .../brooklyn/util/core/file/ArchiveUtilsTest.java | 37 ++++++++++++---------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/core/src/test/java/org/apache/brooklyn/util/core/file/ArchiveUtilsTest.java b/core/src/test/java/org/apache/brooklyn/util/core/file/ArchiveUtilsTest.java index 9582f9eaa0..9f4bb5c340 100644 --- a/core/src/test/java/org/apache/brooklyn/util/core/file/ArchiveUtilsTest.java +++ b/core/src/test/java/org/apache/brooklyn/util/core/file/ArchiveUtilsTest.java @@ -29,6 +29,7 @@ import java.util.Map; import java.util.zip.ZipFile; import com.google.common.io.ByteStreams; +import org.apache.brooklyn.test.Asserts; import org.testng.annotations.AfterClass; import org.testng.annotations.AfterMethod; import org.testng.annotations.BeforeClass; @@ -112,29 +113,18 @@ public class ArchiveUtilsTest extends BrooklynAppUnitTestSupport { ArchiveUtils.deploy(origJar.getAbsolutePath(), machine, destDir.getAbsolutePath(), destFile); assertFilesEqual(new File(destDir, destFile), origJar); } - @Test(groups="Integration", expectedExceptions = IllegalStateException.class) + @Test(groups="Integration") public void testUnzipFileAccessingPathOutsideTargetFolderEvilWinFormat() throws Exception{ InputStream evilZip = ResourceUtils.create(this).getResourceFromUrl("classpath://brooklyn/util/file.core/evilWin.zip"); - File tempZipFile = File.createTempFile("test-zip",null); - tempZipFile.deleteOnExit(); - java.nio.file.Files.write(tempZipFile.toPath(), ByteStreams.toByteArray(evilZip), StandardOpenOption.TRUNCATE_EXISTING); - ArchiveUtils.extractZip(new ZipFile(tempZipFile),destDir.getAbsolutePath()); + Asserts.assertFailsWith(() -> doTestUnzip("classpath://brooklyn/util/file.core/evilWin.zip"), e -> { Asserts.expectedFailureContainsIgnoreCase(e, "Entry is outside of the target dir"); return true; }); } - @Test(groups="Integration", expectedExceptions = IllegalStateException.class) + @Test(groups="Integration") public void testUnzipFileAccessingPathOutsideTargetFolderEvilLinuxFormat() throws Exception{ - InputStream evilZip = ResourceUtils.create(this).getResourceFromUrl("classpath://brooklyn/util/file.core/evilLinux.zip"); - File tempZipFile = File.createTempFile("test-zip",null); - tempZipFile.deleteOnExit(); - java.nio.file.Files.write(tempZipFile.toPath(), ByteStreams.toByteArray(evilZip), StandardOpenOption.TRUNCATE_EXISTING); - ArchiveUtils.extractZip(new ZipFile(tempZipFile),destDir.getAbsolutePath()); + Asserts.assertFailsWith(() -> doTestUnzip("classpath://brooklyn/util/file.core/evilLinux.zip"), e -> { Asserts.expectedFailureContainsIgnoreCase(e, "Entry is outside of the target dir"); return true; }); } @Test(groups="Integration") public void testUnzipFileAccessingPathOutsideTargetFolderNoEvil() throws Exception{ - InputStream noEvilZip = ResourceUtils.create(this).getResourceFromUrl("classpath://brooklyn/util/file.core/noEvil.zip"); - File tempZipFile = File.createTempFile("test-zip",null); - tempZipFile.deleteOnExit(); - java.nio.file.Files.write(tempZipFile.toPath(), ByteStreams.toByteArray(noEvilZip), StandardOpenOption.TRUNCATE_EXISTING); - ArchiveUtils.extractZip(new ZipFile(tempZipFile),destDir.getAbsolutePath()); + doTestUnzip("classpath://brooklyn/util/file.core/noEvil.zip"); } private File newZip(Map<String, String> files) throws Exception { @@ -159,4 +149,19 @@ public class ArchiveUtilsTest extends BrooklynAppUnitTestSupport { assertEquals(Joiner.on("\n").join(Files.readLines(subFile, Charsets.UTF_8)), entry.getValue()); } } + + private void doTestUnzip(String url) { + File tempZipFile = null; + InputStream evilZip = ResourceUtils.create(this).getResourceFromUrl(url); + try { + tempZipFile = File.createTempFile("test-zip", null); + tempZipFile.deleteOnExit(); + java.nio.file.Files.write(tempZipFile.toPath(), ByteStreams.toByteArray(evilZip), StandardOpenOption.TRUNCATE_EXISTING); + ArchiveUtils.extractZip(new ZipFile(tempZipFile), destDir.getAbsolutePath()); + } catch (Exception e) { + throw new RuntimeException(e); + } finally { + tempZipFile.delete(); + } + } }
