From 178699d2d533da97045436270c3f9d1885b0bee3 Mon Sep 17 00:00:00 2001
From: Zac Pullar-Strecker <zacmps@gmail.com>
Date: Sun, 27 Oct 2019 18:20:25 +1300
Subject: [PATCH 1/5] Add function to extract a all files in an archive to a
 directory

---
 src/read.rs      | 49 ++++++++++++++++++++++++++++++++++++++++++++++--
 tests/extract.rs | 20 ++++++++++++++++++++
 2 files changed, 67 insertions(+), 2 deletions(-)
 create mode 100644 tests/extract.rs

diff --git a/src/read.rs b/src/read.rs
index d3e0960c..e7d3d706 100644
--- a/src/read.rs
+++ b/src/read.rs
@@ -6,8 +6,9 @@ use crate::result::{ZipError, ZipResult};
 use crate::spec;
 use std::borrow::Cow;
 use std::collections::HashMap;
-use std::io;
-use std::io::prelude::*;
+use std::io::{self, prelude::*};
+use std::fs;
+use std::path::Path;
 
 use crate::cp437::FromCp437;
 use crate::types::{DateTime, System, ZipFileData};
@@ -233,6 +234,50 @@ impl<R: Read + io::Seek> ZipArchive<R> {
         })
     }
 
+    /// Extract a Zip archive into a directory.
+    ///
+    /// Paths are sanitized so that they cannot escape the given directory.
+    ///
+    /// # Platform-specific behaviour
+    ///
+    /// On unix systems permissions from the zip file are preserved, if they exist.
+    pub fn extract(&mut self, directory: &Path) -> ZipResult<()> {
+        for i in 0..self.len() {
+            let mut file = self.by_index(i)?;
+            let filepath = file.sanitized_name();
+
+            // `sanitized_name` should return a relative path
+            // otherwise there's a risk of directory traversal attacks
+            assert!(filepath.is_relative());
+
+            let outpath = directory.join(filepath);
+
+            if (&*file.name()).ends_with('/') {
+                fs::create_dir_all(&outpath)?;
+            } else {
+                if let Some(p) = outpath.parent() {
+                    if !p.exists() {
+                        fs::create_dir_all(&p)?;
+                    }
+                }
+                let mut outfile = fs::File::create(&outpath)?;
+                io::copy(&mut file, &mut outfile)?;
+            }
+
+            // Get and Set permissions
+            #[cfg(unix)]
+            {
+                use std::os::unix::fs::PermissionsExt;
+
+                if let Some(mode) = file.unix_mode() {
+                    fs::set_permissions(&outpath, fs::Permissions::from_mode(mode))?;
+                }
+            }
+        }
+
+        Ok(())
+    }
+
     /// Number of files contained in this zip.
     ///
     /// ```
diff --git a/tests/extract.rs b/tests/extract.rs
new file mode 100644
index 00000000..de40a214
--- /dev/null
+++ b/tests/extract.rs
@@ -0,0 +1,20 @@
+extern crate zip;
+
+use std::io;
+use std::path::PathBuf;
+use std::fs;
+
+use zip::ZipArchive;
+
+// This tests extracting the contents of a zip file
+#[test]
+fn extract() {
+    let mut v = Vec::new();
+    v.extend_from_slice(include_bytes!("../tests/data/files_and_dirs.zip"));
+    let mut archive = ZipArchive::new(io::Cursor::new(v)).expect("couldn't open test zip file");
+
+    archive.extract(&PathBuf::from("test_directory")).expect("extract failed");
+
+    // Cleanup
+    fs::remove_dir_all("test_directory").expect("failed to remove extracted files");
+}

From f04e4f4a04db13776ac2421bf814fa4f72f9b402 Mon Sep 17 00:00:00 2001
From: Zac Pullar-Strecker <zacmps@gmail.com>
Date: Tue, 16 Jun 2020 14:31:55 +1200
Subject: [PATCH 2/5] Changes from review

---
 src/read.rs | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/src/read.rs b/src/read.rs
index e7d3d706..7d6115a9 100644
--- a/src/read.rs
+++ b/src/read.rs
@@ -241,18 +241,14 @@ impl<R: Read + io::Seek> ZipArchive<R> {
     /// # Platform-specific behaviour
     ///
     /// On unix systems permissions from the zip file are preserved, if they exist.
-    pub fn extract(&mut self, directory: &Path) -> ZipResult<()> {
+    pub fn extract(&mut self, directory: &dyn AsRef<Path>) -> ZipResult<()> {
         for i in 0..self.len() {
             let mut file = self.by_index(i)?;
             let filepath = file.sanitized_name();
 
-            // `sanitized_name` should return a relative path
-            // otherwise there's a risk of directory traversal attacks
-            assert!(filepath.is_relative());
+            let outpath = directory.as_ref().join(filepath);
 
-            let outpath = directory.join(filepath);
-
-            if (&*file.name()).ends_with('/') {
+            if (file.name()).ends_with('/') {
                 fs::create_dir_all(&outpath)?;
             } else {
                 if let Some(p) = outpath.parent() {

From c074a3090c47388e9c89932b0656afed95e09f49 Mon Sep 17 00:00:00 2001
From: Zac Pullar-Strecker <zacmps@gmail.com>
Date: Tue, 16 Jun 2020 14:45:36 +1200
Subject: [PATCH 3/5] run rustfmt

---
 src/read.rs      | 2 +-
 tests/extract.rs | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/read.rs b/src/read.rs
index 7d6115a9..e5a5bc38 100644
--- a/src/read.rs
+++ b/src/read.rs
@@ -6,8 +6,8 @@ use crate::result::{ZipError, ZipResult};
 use crate::spec;
 use std::borrow::Cow;
 use std::collections::HashMap;
-use std::io::{self, prelude::*};
 use std::fs;
+use std::io::{self, prelude::*};
 use std::path::Path;
 
 use crate::cp437::FromCp437;
diff --git a/tests/extract.rs b/tests/extract.rs
index de40a214..f71c9822 100644
--- a/tests/extract.rs
+++ b/tests/extract.rs
@@ -1,8 +1,8 @@
 extern crate zip;
 
+use std::fs;
 use std::io;
 use std::path::PathBuf;
-use std::fs;
 
 use zip::ZipArchive;
 
@@ -13,7 +13,9 @@ fn extract() {
     v.extend_from_slice(include_bytes!("../tests/data/files_and_dirs.zip"));
     let mut archive = ZipArchive::new(io::Cursor::new(v)).expect("couldn't open test zip file");
 
-    archive.extract(&PathBuf::from("test_directory")).expect("extract failed");
+    archive
+        .extract(&PathBuf::from("test_directory"))
+        .expect("extract failed");
 
     // Cleanup
     fs::remove_dir_all("test_directory").expect("failed to remove extracted files");

From 080292c6c3af80928aa04189f792c79cf28c4f25 Mon Sep 17 00:00:00 2001
From: Zac Pullar-Strecker <zacmps@gmail.com>
Date: Wed, 24 Jun 2020 10:16:27 +1200
Subject: [PATCH 4/5] Add doc comment about extract bailing without cleanup

---
 src/read.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/read.rs b/src/read.rs
index e5a5bc38..d2eb4bf1 100644
--- a/src/read.rs
+++ b/src/read.rs
@@ -238,6 +238,8 @@ impl<R: Read + io::Seek> ZipArchive<R> {
     ///
     /// Paths are sanitized so that they cannot escape the given directory.
     ///
+    /// This bails on the first error and does not attempt cleanup.
+    ///
     /// # Platform-specific behaviour
     ///
     /// On unix systems permissions from the zip file are preserved, if they exist.

From a3aac29e852c0a85348d4385f6204196e051315e Mon Sep 17 00:00:00 2001
From: Zac Pullar-Strecker <zacmps@gmail.com>
Date: Fri, 26 Jun 2020 10:53:57 +1200
Subject: [PATCH 5/5] switch extract from dynamic to static dispatch

---
 src/read.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/read.rs b/src/read.rs
index d2eb4bf1..5c19b955 100644
--- a/src/read.rs
+++ b/src/read.rs
@@ -243,7 +243,7 @@ impl<R: Read + io::Seek> ZipArchive<R> {
     /// # Platform-specific behaviour
     ///
     /// On unix systems permissions from the zip file are preserved, if they exist.
-    pub fn extract(&mut self, directory: &dyn AsRef<Path>) -> ZipResult<()> {
+    pub fn extract<P: AsRef<Path>>(&mut self, directory: P) -> ZipResult<()> {
         for i in 0..self.len() {
             let mut file = self.by_index(i)?;
             let filepath = file.sanitized_name();