DevComp/zip-rs-wasm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix: ZipArchive::extract incomplete

Browse source 
Path sanitization needs to be implemented before we can make this public
This commit is contained in:
Marli Frost 2020-08-19 14:02:35 +01:00
parent 4eba55cb7a
commit 0b46263eac
No known key found for this signature in database
GPG key ID: CB0BEA7CF9BD1245
2 changed files with 12 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/read.rs
View file

@ -322,10 +322,14 @@ impl<R: Read + io::Seek> ZipArchive<R> {
/// # Platform-specific behaviour /// # Platform-specific behaviour
/// ///
/// On unix systems permissions from the zip file are preserved, if they exist. /// On unix systems permissions from the zip file are preserved, if they exist.
pub fn extract<P: AsRef<Path>>(&mut self, directory: P) -> ZipResult<()> { // FIXME: Implement path sanitization to allow this to be public API.
// This probably means failing on paths that would escape the directory
#[allow(dead_code)]
fn extract<P: AsRef<Path>>(&mut self, directory: P) -> ZipResult<()> {
for i in 0..self.len() { for i in 0..self.len() {
let mut file = self.by_index(i)?; let mut file = self.by_index(i)?;
let filepath = file.sanitized_name(); let filepath: std::path::PathBuf =
(|| unimplemented!("the sanitized path of {}", file.name()))();
let outpath = directory.as_ref().join(filepath); let outpath = directory.as_ref().join(filepath);
@ -936,6 +940,7 @@ mod test {
for i in 0..zip.len() { for i in 0..zip.len() {
let zip_file = zip.by_index(i).unwrap(); let zip_file = zip.by_index(i).unwrap();
#[allow(deprecated)]
let full_name = zip_file.sanitized_name(); let full_name = zip_file.sanitized_name();
let file_name = full_name.file_name().unwrap().to_str().unwrap(); let file_name = full_name.file_name().unwrap().to_str().unwrap();
assert!( assert!(

10
tests/extract.rs
View file

@ -2,20 +2,20 @@ extern crate zip;
use std::fs; use std::fs;
use std::io; use std::io;
use std::path::PathBuf;
use zip::ZipArchive; use zip::ZipArchive;
// This tests extracting the contents of a zip file // This tests extracting the contents of a zip file
#[test] #[test]
#[ignore]
fn extract() { fn extract() {
let mut v = Vec::new(); let mut v = Vec::new();
v.extend_from_slice(include_bytes!("../tests/data/files_and_dirs.zip")); v.extend_from_slice(include_bytes!("../tests/data/files_and_dirs.zip"));
let mut archive = ZipArchive::new(io::Cursor::new(v)).expect("couldn't open test zip file"); let mut _archive = ZipArchive::new(io::Cursor::new(v)).expect("couldn't open test zip file");
archive // archive
.extract(&PathBuf::from("test_directory")) // .extract("test_directory")
.expect("extract failed"); // .expect("extract failed");
// Cleanup // Cleanup
fs::remove_dir_all("test_directory").expect("failed to remove extracted files"); fs::remove_dir_all("test_directory").expect("failed to remove extracted files");