gitlab-org--gitlab-foss/spec/lib/safe_zip/entry_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe SafeZip::Entry do
  let(:target_path) { Dir.mktmpdir('safe-zip') }
  let(:directories) { %w(public folder/with/subfolder) }
  let(:params) { SafeZip::ExtractParams.new(directories: directories, to: target_path) }

  let(:entry) { described_class.new(zip_archive, zip_entry, params) }
  let(:entry_name) { 'public/folder/index.html' }
  let(:entry_path_dir) { File.join(target_path, File.dirname(entry_name)) }
  let(:entry_path) { File.join(target_path, entry_name) }
  let(:zip_archive) { double }

  let(:zip_entry) do
    double(
      name: entry_name,
      file?: false,
      directory?: false,
      symlink?: false)
  end

  after do
    FileUtils.remove_entry_secure(target_path)
  end

  describe '#path_dir' do
    subject { entry.path_dir }

    it { is_expected.to eq(target_path + '/public/folder') }
  end

  describe '#exist?' do
    subject { entry.exist? }

    context 'when entry does not exist' do
      it { is_expected.not_to be_truthy }
    end

    context 'when entry does exist' do
      before do
        create_entry
      end

      it { is_expected.to be_truthy }
    end
  end

  describe '#extract' do
    subject { entry.extract }

    context 'when entry does not match the filtered directories' do
      using RSpec::Parameterized::TableSyntax

      where(:entry_name) do
        [
          'assets/folder/index.html',
          'public/../folder/index.html',
          'public/../../../../../index.html',
          '../../../../../public/index.html',
          '/etc/passwd'
        ]
      end

      with_them do
        it 'does not extract file' do
          is_expected.to be_falsey
        end
      end
    end

    context 'when entry does exist' do
      before do
        create_entry
      end

      it 'raises an exception' do
        expect { subject }.to raise_error(SafeZip::Extract::AlreadyExistsError)
      end
    end

    context 'when entry type is unknown' do
      it 'raises an exception' do
        expect { subject }.to raise_error(SafeZip::Extract::UnsupportedEntryError)
      end
    end

    context 'when entry is valid' do
      shared_examples 'secured symlinks' do
        context 'when we try to extract entry into symlinked folder' do
          before do
            FileUtils.mkdir_p(File.join(target_path, "source"))
            File.symlink("source", File.join(target_path, "public"))
          end

          it 'raises an exception' do
            expect { subject }.to raise_error(SafeZip::Extract::PermissionDeniedError)
          end
        end
      end

      context 'and is file' do
        before do
          allow(zip_entry).to receive(:file?) { true }
        end

        it 'does extract file' do
          expect(zip_archive).to receive(:extract)
            .with(zip_entry, entry_path)
            .and_return(true)

          is_expected.to be_truthy
        end

        it_behaves_like 'secured symlinks'
      end

      context 'and is directory' do
        let(:entry_name) { 'public/folder/assets' }

        before do
          allow(zip_entry).to receive(:directory?) { true }
        end

        it 'does create directory' do
          is_expected.to be_truthy

          expect(File.exist?(entry_path)).to eq(true)
        end

        it_behaves_like 'secured symlinks'
      end

      context 'and is symlink' do
        let(:entry_name) { 'public/folder/assets' }

        before do
          allow(zip_entry).to receive(:symlink?) { true }
          allow(zip_archive).to receive(:read).with(zip_entry) { entry_symlink }
        end

        shared_examples 'a valid symlink' do
          it 'does create symlink' do
            is_expected.to be_truthy

            expect(File.exist?(entry_path)).to eq(true)
          end
        end

        context 'when source is within target' do
          let(:entry_symlink) { '../images' }

          context 'but does not exist' do
            it 'raises an exception' do
              expect { subject }.to raise_error(SafeZip::Extract::SymlinkSourceDoesNotExistError)
            end
          end

          context 'and does exist' do
            before do
              FileUtils.mkdir_p(File.join(target_path, 'public', 'images'))
            end

            it_behaves_like 'a valid symlink'
          end
        end

        context 'when source points outside of target' do
          let(:entry_symlink) { '../../images' }

          before do
            FileUtils.mkdir(File.join(target_path, 'images'))
          end

          it 'raises an exception' do
            expect { subject }.to raise_error(SafeZip::Extract::PermissionDeniedError)
          end
        end

        context 'when source points to /etc/passwd' do
          let(:entry_symlink) { '/etc/passwd' }

          it 'raises an exception' do
            expect { subject }.to raise_error(SafeZip::Extract::PermissionDeniedError)
          end
        end
      end
    end
  end

  private

  def create_entry
    FileUtils.mkdir_p(entry_path_dir)
    FileUtils.touch(entry_path)
  end
end
Add frozen_string_literal to lib part 2 Using the sed script from https://gitlab.com/gitlab-org/gitlab-ce/issues/59758 2019-08-22 06:57:44 -04:00			`# frozen_string_literal: true`

Extract GitLab Pages using RubyZip RubyZip allows us to perform strong validation of expanded paths where we do extract file. We introduce the following additional checks to extract routines: 1. None of path components can be symlinked, 2. We drop privileges support for directories, 3. Symlink source needs to point within the target directory, like `public/`, 4. The symlink source needs to exist ahead of time. 2019-01-02 14:01:11 -05:00			`require 'spec_helper'`

Add latest changes from gitlab-org/gitlab@master 2020-06-24 14:09:03 -04:00			`RSpec.describe SafeZip::Entry do`
Extract GitLab Pages using RubyZip RubyZip allows us to perform strong validation of expanded paths where we do extract file. We introduce the following additional checks to extract routines: 1. None of path components can be symlinked, 2. We drop privileges support for directories, 3. Symlink source needs to point within the target directory, like `public/`, 4. The symlink source needs to exist ahead of time. 2019-01-02 14:01:11 -05:00			`let(:target_path) { Dir.mktmpdir('safe-zip') }`
			`let(:directories) { %w(public folder/with/subfolder) }`
			`let(:params) { SafeZip::ExtractParams.new(directories: directories, to: target_path) }`

			`let(:entry) { described_class.new(zip_archive, zip_entry, params) }`
			`let(:entry_name) { 'public/folder/index.html' }`
			`let(:entry_path_dir) { File.join(target_path, File.dirname(entry_name)) }`
			`let(:entry_path) { File.join(target_path, entry_name) }`
			`let(:zip_archive) { double }`

			`let(:zip_entry) do`
			`double(`
			`name: entry_name,`
			`file?: false,`
			`directory?: false,`
			`symlink?: false)`
			`end`

			`after do`
			`FileUtils.remove_entry_secure(target_path)`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-02-06 16:08:48 -05:00			`describe '#path_dir' do`
Extract GitLab Pages using RubyZip RubyZip allows us to perform strong validation of expanded paths where we do extract file. We introduce the following additional checks to extract routines: 1. None of path components can be symlinked, 2. We drop privileges support for directories, 3. Symlink source needs to point within the target directory, like `public/`, 4. The symlink source needs to exist ahead of time. 2019-01-02 14:01:11 -05:00			`subject { entry.path_dir }`

			`it { is_expected.to eq(target_path + '/public/folder') }`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-02-06 16:08:48 -05:00			`describe '#exist?' do`
Extract GitLab Pages using RubyZip RubyZip allows us to perform strong validation of expanded paths where we do extract file. We introduce the following additional checks to extract routines: 1. None of path components can be symlinked, 2. We drop privileges support for directories, 3. Symlink source needs to point within the target directory, like `public/`, 4. The symlink source needs to exist ahead of time. 2019-01-02 14:01:11 -05:00			`subject { entry.exist? }`

			`context 'when entry does not exist' do`
			`it { is_expected.not_to be_truthy }`
			`end`

			`context 'when entry does exist' do`
			`before do`
			`create_entry`
			`end`

			`it { is_expected.to be_truthy }`
			`end`
			`end`

			`describe '#extract' do`
			`subject { entry.extract }`

			`context 'when entry does not match the filtered directories' do`
			`using RSpec::Parameterized::TableSyntax`

			`where(:entry_name) do`
			`[`
			`'assets/folder/index.html',`
			`'public/../folder/index.html',`
			`'public/../../../../../index.html',`
			`'../../../../../public/index.html',`
			`'/etc/passwd'`
			`]`
			`end`

			`with_them do`
			`it 'does not extract file' do`
			`is_expected.to be_falsey`
			`end`
			`end`
			`end`

			`context 'when entry does exist' do`
			`before do`
			`create_entry`
			`end`

			`it 'raises an exception' do`
			`expect { subject }.to raise_error(SafeZip::Extract::AlreadyExistsError)`
			`end`
			`end`

			`context 'when entry type is unknown' do`
			`it 'raises an exception' do`
			`expect { subject }.to raise_error(SafeZip::Extract::UnsupportedEntryError)`
			`end`
			`end`

			`context 'when entry is valid' do`
			`shared_examples 'secured symlinks' do`
			`context 'when we try to extract entry into symlinked folder' do`
			`before do`
			`FileUtils.mkdir_p(File.join(target_path, "source"))`
			`File.symlink("source", File.join(target_path, "public"))`
			`end`

			`it 'raises an exception' do`
			`expect { subject }.to raise_error(SafeZip::Extract::PermissionDeniedError)`
			`end`
			`end`
			`end`

			`context 'and is file' do`
			`before do`
			`allow(zip_entry).to receive(:file?) { true }`
			`end`

			`it 'does extract file' do`
			`expect(zip_archive).to receive(:extract)`
			`.with(zip_entry, entry_path)`
			`.and_return(true)`

			`is_expected.to be_truthy`
			`end`

			`it_behaves_like 'secured symlinks'`
			`end`

			`context 'and is directory' do`
			`let(:entry_name) { 'public/folder/assets' }`

			`before do`
			`allow(zip_entry).to receive(:directory?) { true }`
			`end`

			`it 'does create directory' do`
			`is_expected.to be_truthy`

			`expect(File.exist?(entry_path)).to eq(true)`
			`end`

			`it_behaves_like 'secured symlinks'`
			`end`

			`context 'and is symlink' do`
			`let(:entry_name) { 'public/folder/assets' }`

			`before do`
			`allow(zip_entry).to receive(:symlink?) { true }`
			`allow(zip_archive).to receive(:read).with(zip_entry) { entry_symlink }`
			`end`

			`shared_examples 'a valid symlink' do`
			`it 'does create symlink' do`
			`is_expected.to be_truthy`

			`expect(File.exist?(entry_path)).to eq(true)`
			`end`
			`end`

			`context 'when source is within target' do`
			`let(:entry_symlink) { '../images' }`

			`context 'but does not exist' do`
			`it 'raises an exception' do`
			`expect { subject }.to raise_error(SafeZip::Extract::SymlinkSourceDoesNotExistError)`
			`end`
			`end`

			`context 'and does exist' do`
			`before do`
			`FileUtils.mkdir_p(File.join(target_path, 'public', 'images'))`
			`end`

			`it_behaves_like 'a valid symlink'`
			`end`
			`end`

			`context 'when source points outside of target' do`
			`let(:entry_symlink) { '../../images' }`

			`before do`
			`FileUtils.mkdir(File.join(target_path, 'images'))`
			`end`

			`it 'raises an exception' do`
			`expect { subject }.to raise_error(SafeZip::Extract::PermissionDeniedError)`
			`end`
			`end`

			`context 'when source points to /etc/passwd' do`
			`let(:entry_symlink) { '/etc/passwd' }`

			`it 'raises an exception' do`
			`expect { subject }.to raise_error(SafeZip::Extract::PermissionDeniedError)`
			`end`
			`end`
			`end`
			`end`
			`end`

			`private`

			`def create_entry`
			`FileUtils.mkdir_p(entry_path_dir)`
			`FileUtils.touch(entry_path)`
			`end`
			`end`