diff options
author | Forrest L Norvell <forrest@npmjs.com> | 2015-04-09 07:35:00 +0300 |
---|---|---|
committer | Forrest L Norvell <forrest@npmjs.com> | 2015-04-09 07:35:00 +0300 |
commit | 20e90031b847e9f7c7168f3dad8b1e526f9a2586 (patch) | |
tree | 15b3247f1c0aa31fb3862db28ea6b94a420ba70c /node_modules/tar | |
parent | 26d36e9cf0eca69fe1863d2ea536c28555b9e8de (diff) |
tar@2.0.1
Normalize symlinks less aggressively -- only convert to absolute paths
if they would actually point outside the extraction root, not all
symlinks with relative paths.
Diffstat (limited to 'node_modules/tar')
-rw-r--r-- | node_modules/tar/lib/extract.js | 17 | ||||
-rw-r--r-- | node_modules/tar/package.json | 34 | ||||
-rw-r--r-- | node_modules/tar/test/dir-normalization.js | 92 | ||||
-rw-r--r-- | node_modules/tar/test/dir-normalization.tar | bin | 10240 -> 4608 bytes |
4 files changed, 99 insertions, 44 deletions
diff --git a/node_modules/tar/lib/extract.js b/node_modules/tar/lib/extract.js index ca82a65ce..5a4cb98c3 100644 --- a/node_modules/tar/lib/extract.js +++ b/node_modules/tar/lib/extract.js @@ -17,7 +17,6 @@ function Extract (opts) { // better to drop in cwd? seems more standard. opts.path = opts.path || path.resolve("node-tar-extract") - // have to dump into a directory opts.type = "Directory" opts.Directory = true @@ -44,19 +43,19 @@ function Extract (opts) { entry.linkpath = entry.props.linkpath = lp } } - if (entry.type === "Link") { - entry.linkpath = entry.props.linkpath = path.join( - opts.path, path.join("/", entry.props.linkpath) - ) + entry.linkpath = entry.props.linkpath = + path.join(opts.path, path.join("/", entry.props.linkpath)) } - if (entry.props && entry.props.linkpath) { + if (entry.type === "SymbolicLink") { + var dn = path.dirname(entry.path) || "" var linkpath = entry.props.linkpath - // normalize paths that point outside the extraction root - if (path.resolve(opts.path, linkpath).indexOf(opts.path) !== 0) { - entry.props.linkpath = path.join(opts.path, path.join("/", linkpath)) + var target = path.resolve(opts.path, dn, linkpath) + if (target.indexOf(opts.path) !== 0) { + linkpath = path.join(opts.path, path.join("/", linkpath)) } + entry.linkpath = entry.props.linkpath = linkpath } }) diff --git a/node_modules/tar/package.json b/node_modules/tar/package.json index 2387a15fb..ec4d2d379 100644 --- a/node_modules/tar/package.json +++ b/node_modules/tar/package.json @@ -6,7 +6,7 @@ }, "name": "tar", "description": "tar for node", - "version": "2.0.0", + "version": "2.0.1", "repository": { "type": "git", "url": "git://github.com/isaacs/node-tar.git" @@ -27,14 +27,34 @@ "mkdirp": "^0.5.0" }, "license": "BSD", - "readme": "# node-tar\n\nTar for Node.js.\n\n[![NPM](https://nodei.co/npm/tar.png)](https://nodei.co/npm/tar/)\n\n## API\n\nSee `examples/` for usage examples.\n\n### var tar = require('tar')\n\nReturns an object with `.Pack`, `.Extract` and `.Parse` methods.\n\n### tar.Pack([properties])\n\nReturns a through stream. Use\n[fstream](https://npmjs.org/package/fstream) to write files into the\npack stream and you will receive tar archive data from the pack\nstream.\n\nThis only works with directories, it does not work with individual files.\n\nThe optional `properties` object are used to set properties in the tar\n'Global Extended Header'.\n\n### tar.Extract([options])\n\nReturns a through stream. Write tar data to the stream and the files\nin the tarball will be extracted onto the filesystem.\n\n`options` can be:\n\n```js\n{\n path: '/path/to/extract/tar/into',\n strip: 0, // how many path segments to strip from the root when extracting\n}\n```\n\n`options` also get passed to the `fstream.Writer` instance that `tar`\nuses internally.\n\n### tar.Parse()\n\nReturns a writable stream. Write tar data to it and it will emit\n`entry` events for each entry parsed from the tarball. This is used by\n`tar.Extract`.\n", - "readmeFilename": "README.md", - "gitHead": "9bde260b9ebe6808837a85bedf9c6f7bb04e004f", + "gitHead": "ce405d0b96f0fe186dd4cc68d666fabb0c59818d", "bugs": { "url": "https://github.com/isaacs/node-tar/issues" }, "homepage": "https://github.com/isaacs/node-tar", - "_id": "tar@2.0.0", - "_shasum": "7cf627bc632167766ce2a5a1f23e4ecb8e3f28bc", - "_from": "tar@>=2.0.0 <2.1.0" + "_id": "tar@2.0.1", + "_shasum": "a1537ab0d1ce61462ce87b4eed1cd263fba5fc17", + "_from": "tar@>=2.0.1 <2.1.0", + "_npmVersion": "2.7.6", + "_nodeVersion": "1.4.2", + "_npmUser": { + "name": "isaacs", + "email": "i@izs.me" + }, + "maintainers": [ + { + "name": "isaacs", + "email": "i@izs.me" + }, + { + "name": "othiym23", + "email": "ogd@aoaioxxysz.net" + } + ], + "dist": { + "shasum": "a1537ab0d1ce61462ce87b4eed1cd263fba5fc17", + "tarball": "http://registry.npmjs.org/tar/-/tar-2.0.1.tgz" + }, + "directories": {}, + "_resolved": "https://registry.npmjs.org/tar/-/tar-2.0.1.tgz" } diff --git a/node_modules/tar/test/dir-normalization.js b/node_modules/tar/test/dir-normalization.js index cdaa55353..9719c42f3 100644 --- a/node_modules/tar/test/dir-normalization.js +++ b/node_modules/tar/test/dir-normalization.js @@ -16,22 +16,37 @@ var expectEntries = [ { path: 'fixtures/', mode: '755', type: '5', - depth: undefined, - size: 0, - linkpath: '', - nlink: undefined, - dev: undefined, - ino: undefined + linkpath: '' + }, + { path: 'fixtures/a/', + mode: '755', + type: '5', + linkpath: '' }, { path: 'fixtures/the-chumbler', mode: '755', type: '2', - depth: undefined, - size: 0, linkpath: path.resolve(target, 'a/b/c/d/the-chumbler'), - nlink: undefined, - dev: undefined, - ino: undefined + }, + { path: 'fixtures/a/b/', + mode: '755', + type: '5', + linkpath: '' + }, + { path: 'fixtures/a/x', + mode: '644', + type: '0', + linkpath: '' + }, + { path: 'fixtures/a/b/c/', + mode: '755', + type: '5', + linkpath: '' + }, + { path: 'fixtures/a/b/c/y', + mode: '755', + type: '2', + linkpath: '../../x', } ] @@ -49,13 +64,41 @@ var expectFiles = [ depth: 1, linkpath: undefined }, + { path: '/fixtures/a', + mode: '40755', + type: 'Directory', + depth: 2, + linkpath: undefined + }, + { path: '/fixtures/a/b', + mode: '40755', + type: 'Directory', + depth: 3, + linkpath: undefined + }, + { path: '/fixtures/a/b/c', + mode: '40755', + type: 'Directory', + depth: 4, + linkpath: undefined + }, + { path: '/fixtures/a/b/c/y', + mode: '120755', + type: 'SymbolicLink', + depth: 5, + linkpath: '../../x' + }, + { path: '/fixtures/a/x', + mode: '100644', + type: 'File', + depth: 3, + linkpath: undefined + }, { path: '/fixtures/the-chumbler', mode: '120755', type: 'SymbolicLink', depth: 2, - size: 95, - linkpath: path.resolve(target, 'a/b/c/d/the-chumbler'), - nlink: 1 + linkpath: path.resolve(target, 'a/b/c/d/the-chumbler') } ] @@ -84,21 +127,16 @@ test('extract test', function (t) { }) extract.on('entry', function (entry) { + var mode = entry.props.mode & (~parseInt('22', 8)) var found = { path: entry.path, - mode: entry.props.mode.toString(8), + mode: mode.toString(8), type: entry.props.type, - depth: entry.props.depth, - size: entry.props.size, linkpath: entry.props.linkpath, - nlink: entry.props.nlink, - dev: entry.props.dev, - ino: entry.props.ino } var wanted = expectEntries[ee++] - - t.equivalent(found, wanted, 'tar entry ' + ee + ' ' + wanted.path) + t.equivalent(found, wanted, 'tar entry ' + ee + ' ' + (wanted && wanted.path)) }) function next () { @@ -116,19 +154,17 @@ test('extract test', function (t) { function foundEntry (entry) { var p = entry.path.substr(target.length) + var mode = entry.props.mode & (~parseInt('22', 8)) var found = { path: p, - mode: entry.props.mode.toString(8), + mode: mode.toString(8), type: entry.props.type, depth: entry.props.depth, - size: entry.props.size, - linkpath: entry.props.linkpath, - nlink: entry.props.nlink + linkpath: entry.props.linkpath } var wanted = expectFiles[ef++] - - t.has(found, wanted, 'unpacked file ' + ef + ' ' + wanted.path) + t.equivalent(found, wanted, 'unpacked file ' + ef + ' ' + (wanted && wanted.path)) entry.on('entry', foundEntry) } diff --git a/node_modules/tar/test/dir-normalization.tar b/node_modules/tar/test/dir-normalization.tar Binary files differindex d11d4eb8d..3c4845356 100644 --- a/node_modules/tar/test/dir-normalization.tar +++ b/node_modules/tar/test/dir-normalization.tar |