1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
<?php
/**
* Matomo - free/libre analytics platform
*
* @link https://matomo.org
* @license http://www.gnu.org/licenses/lgpl-3.0.html LGPL v3 or later
*/
namespace Tests\Matomo\Decompress;
use Matomo\Decompress\ZipArchive;
class ZipArchiveTest extends TestBase
{
protected function setUp(): void
{
parent::setUp();
if (! class_exists(\ZipArchive::class)) {
$this->markTestSkipped('The PHP zip extension is not installed, skipping ZipArchive tests');
}
}
public function testRelativePath()
{
$test = 'relative';
$filename = $this->fixtureDirectory . $test . '.zip';
$unzip = new ZipArchive($filename);
$res = $unzip->extract($this->tempDirectory);
$this->assertCount(1, $res);
$this->assertFileExists($this->tempDirectory . $test . '.txt');
$this->assertFileNotExists(__DIR__ . '/' . $test . '.txt');
$this->assertFileNotExists(__DIR__ . '/../../tests/' . $test . '.txt');
unlink($this->tempDirectory . $test . '.txt');
}
public function testRelativePathAttack()
{
$test = 'zaatt';
$filename = $this->fixtureDirectory . $test . '.zip';
$unzip = new ZipArchive($filename);
$res = $unzip->extract($this->tempDirectory);
$this->assertEquals(0, $res);
$this->assertFileNotExists($this->tempDirectory . $test . '.txt');
$this->assertFileNotExists($this->tempDirectory . '../' . $test . '.txt');
$this->assertFileNotExists(__DIR__ . '/' . $test . '.txt');
$this->assertFileNotExists(__DIR__ . '/../' . $test . '.txt');
$this->assertFileNotExists(__DIR__ . '/../../' . $test . '.txt');
}
public function testAbsolutePathAttack()
{
$test = 'zaabs';
$filename = $this->fixtureDirectory . $test . '.zip';
$unzip = new ZipArchive($filename);
$res = $unzip->extract($this->tempDirectory);
$this->assertEquals(0, $res);
$this->assertFileNotExists($this->tempDirectory . $test . '.txt');
$this->assertFileNotExists(__DIR__ . '/' . $test . '.txt');
}
public function testUnzipErrorInfo()
{
$filename = $this->fixtureDirectory . '/zaabs.zip';
$unzip = new ZipArchive($filename);
$this->assertStringContainsString('No error', $unzip->errorInfo());
}
public function testUnzipEmptyFile()
{
$filename = $this->fixtureDirectory . 'empty.zip';
// Backup (https://github.com/php/php-src/issues/8781)
\copy($filename, $filename . '.original');
$unzip = new ZipArchive($filename);
$res = $unzip->extract($this->tempDirectory);
unset($unzip);// Destroy the ref
// Restore (https://github.com/php/php-src/issues/8781)
\rename($filename . '.original', $filename);
$this->assertEquals(0, $res);
}
public function testExtractOnNoSlashPathExtracted()
{
$filename = $this->fixtureDirectory . 'empty.zip';
$tempDirectory = '/tmp';
// Backup (https://github.com/php/php-src/issues/8781)
\copy($filename, $filename . '.original');
$unzip = new ZipArchive($filename);
$res = $unzip->extract($tempDirectory);
unset($unzip);// Destroy the ref
// Restore (https://github.com/php/php-src/issues/8781)
\rename($filename . '.original', $filename);
$this->assertEquals(0, $res);
}
public function testUnzipNotExistingFile()
{
$this->expectException(\Exception::class);
$this->expectExceptionMessageMatches('/^Error opening/');
new ZipArchive($this->fixtureDirectory . '/NotExisting.zip');
}
}
|
