scripts/t/Dpkg_Source_Archive.t

   1 #!/usr/bin/perl
   2 #
   3 # This program is free software; you can redistribute it and/or modify
   4 # it under the terms of the GNU General Public License as published by
   5 # the Free Software Foundation; either version 2 of the License, or
   6 # (at your option) any later version.
   7 #
   8 # This program is distributed in the hope that it will be useful,
   9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  11 # GNU General Public License for more details.
  12 #
  13 # You should have received a copy of the GNU General Public License
  14 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
  15
  16 use strict;
  17 use warnings;
  18
  19 use Test::More tests => 4;
  20 use Test::Dpkg qw(:paths);
  21
  22 use File::Spec;
  23 use File::Path qw(make_path);
  24
  25 BEGIN {
  26     use_ok('Dpkg::Source::Archive');
  27 }
  28
  29 use Dpkg;
  30 use Dpkg::File;
  31
  32 my $tmpdir = test_get_temp_path();
  33
  34 sub test_path_escape
  35 {
  36     my $name = shift;
  37
  38     my $treedir = File::Spec->rel2abs("$tmpdir/$name-tree");
  39     my $overdir = File::Spec->rel2abs("$tmpdir/$name-overlay");
  40     my $outdir = "$tmpdir/$name-out";
  41     my $expdir = "$tmpdir/$name-exp";
  42
  43     # This is the base directory, where we are going to be extracting stuff
  44     # into, which include traps.
  45     make_path("$treedir/subdir-a");
  46     file_touch("$treedir/subdir-a/file-a");
  47     file_touch("$treedir/subdir-a/file-pre-a");
  48     make_path("$treedir/subdir-b");
  49     file_touch("$treedir/subdir-b/file-b");
  50     file_touch("$treedir/subdir-b/file-pre-b");
  51     symlink File::Spec->abs2rel($outdir, $treedir), "$treedir/symlink-escape";
  52     symlink File::Spec->abs2rel("$outdir/nonexistent", $treedir), "$treedir/symlink-nonexistent";
  53     symlink "$treedir/file", "$treedir/symlink-within";
  54     file_touch("$treedir/supposed-dir");
  55
  56     # This is the overlay directory, which we'll pack and extract over the
  57     # base directory.
  58     make_path($overdir);
  59     make_path("$overdir/subdir-a/aa");
  60     file_dump("$overdir/subdir-a/aa/file-aa", 'aa');
  61     file_dump("$overdir/subdir-a/file-a", 'a');
  62     make_path("$overdir/subdir-b/bb");
  63     file_dump("$overdir/subdir-b/bb/file-bb", 'bb');
  64     file_dump("$overdir/subdir-b/file-b", 'b');
  65     make_path("$overdir/symlink-escape");
  66     file_dump("$overdir/symlink-escape/escaped-file", 'escaped');
  67     file_dump("$overdir/symlink-nonexistent", 'nonexistent');
  68     make_path("$overdir/symlink-within");
  69     make_path("$overdir/supposed-dir");
  70     file_dump("$overdir/supposed-dir/supposed-file", 'something');
  71
  72     # Generate overlay tar.
  73     system($Dpkg::PROGTAR, '-cf', "$overdir.tar", '-C', $overdir, qw(
  74         subdir-a subdir-b
  75         symlink-escape/escaped-file symlink-nonexistent symlink-within
  76         supposed-dir
  77         )) == 0
  78         or die "cannot create overlay tar archive\n";
  79
  80    # This is the expected directory, which we'll be comparing against.
  81     make_path($expdir);
  82     system('cp', '-a', $overdir, $expdir) == 0
  83         or die "cannot copy overlay hierarchy into expected directory\n";
  84
  85     # Store the expected and out reference directories into a tar to compare
  86     # its structure against the result reference.
  87     system($Dpkg::PROGTAR, '-cf', "$expdir.tar", '-C', $overdir, qw(
  88         subdir-a subdir-b
  89         symlink-escape/escaped-file symlink-nonexistent symlink-within
  90         supposed-dir
  91         ), '-C', $treedir, qw(
  92         subdir-a/file-pre-a
  93         subdir-b/file-pre-b
  94         )) == 0
  95         or die "cannot create expected tar archive\n";
  96
  97     # This directory is supposed to remain empty, anything inside implies a
  98     # directory traversal.
  99     make_path($outdir);
 100
 101     my $warnseen;
 102     local $SIG{__WARN__} = sub { $warnseen = $_[0] };
 103
 104     # Perform the extraction.
 105     my $tar = Dpkg::Source::Archive->new(filename => "$overdir.tar");
 106     $tar->extract($treedir, in_place => 1);
 107
 108     # Store the result into a tar to compare its structure against a reference.
 109     system($Dpkg::PROGTAR, '-cf', "$treedir.tar", '-C', $treedir, '.');
 110
 111     # Check results
 112     ok(length $warnseen && $warnseen =~ m/points outside source root/,
 113        'expected warning seen');
 114     ok(system($Dpkg::PROGTAR, '--compare', '-f', "$expdir.tar", '-C', $treedir) == 0,
 115        'expected directory matches');
 116     ok(! -e "$outdir/escaped-file",
 117        'expected output directory is empty, directory traversal');
 118 }
 119
 120 test_path_escape('in-place');
 121
 122 # TODO: Add actual test cases.