File: PclZipTest.php

package info (click to toggle)
matomo-component-decompress 3.0.0-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 444 kB
  • sloc: php: 3,125; makefile: 25; xml: 21
file content (66 lines) | stat: -rw-r--r-- 2,230 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
<?php
/**
 * Matomo - free/libre analytics platform
 *
 * @link https://matomo.org
 * @license http://www.gnu.org/licenses/lgpl-3.0.html LGPL v3 or later
 */

namespace Tests\Matomo\Decompress;

use Matomo\Decompress\PclZip;

class PclZipTest extends TestBase
{
    public function testRelativePath()
    {
        $test = 'relative';
        $filename = $this->fixtureDirectory . $test . '.zip';

        $unzip = new PclZip($filename);
        $res = $unzip->extract($this->tempDirectory);
        $this->assertCount(1, $res);
        $this->assertFileExists($this->tempDirectory . $test . '.txt');
        $this->assertFileNotExists(__DIR__ . '/' . $test . '.txt');
        $this->assertFileNotExists(__DIR__ . '/../../tests/' . $test . '.txt');
        unlink($this->tempDirectory . $test . '.txt');
    }

    public function testRelativePathAttack()
    {
        $test = 'zaatt';
        $filename = $this->fixtureDirectory . $test . '.zip';

        $unzip = new PclZip($filename);
        $res = $unzip->extract($this->tempDirectory);
        $this->assertEquals(0, $res);
        $this->assertFileNotExists($this->tempDirectory . $test . '.txt');
        $this->assertFileNotExists($this->tempDirectory . '../' . $test . '.txt');
        $this->assertFileNotExists(__DIR__ . '/' . $test . '.txt');
        $this->assertFileNotExists(__DIR__ . '/../' . $test . '.txt');
        $this->assertFileNotExists(__DIR__ . '/../../' . $test . '.txt');
    }

    public function testAbsolutePathAttack()
    {
        $test = 'zaabs';
        $filename = $this->fixtureDirectory . $test . '.zip';

        $unzip = new PclZip($filename);
        $res = $unzip->extract($this->tempDirectory);
        $this->assertEquals(0, $res);
        $this->assertFileNotExists($this->tempDirectory . $test . '.txt');
        $this->assertFileNotExists(__DIR__ . '/' . $test . '.txt');
    }

    public function testUnzipInvalidFile2()
    {
        $filename = $this->fixtureDirectory . '/NotExisting.zip';

        $unzip = new PclZip($filename);
        $res = $unzip->extract($this->tempDirectory);
        $this->assertEquals(0, $res);

        $this->assertStringContainsString('PCLZIP_ERR_MISSING_FILE', $unzip->errorInfo());
    }
}