diff options
author | Forrest L Norvell <forrest@npmjs.com> | 2015-03-27 08:36:16 +0300 |
---|---|---|
committer | Forrest L Norvell <forrest@npmjs.com> | 2015-03-27 08:36:16 +0300 |
commit | 300834e91a4e2a95fb7fb59c309e7c3fc91d2312 (patch) | |
tree | bb382a35702e6e5724adb58c74524f705808ed46 /node_modules/tar | |
parent | 0dc68757cffd5397c280bc71365d106523a5a052 (diff) |
tar@2.0.0
Normalize symbolic links with targets that point outside the extraction
root.
Diffstat (limited to 'node_modules/tar')
-rw-r--r-- | node_modules/tar/lib/extract.js | 23 | ||||
-rw-r--r-- | node_modules/tar/package.json | 10 | ||||
-rw-r--r-- | node_modules/tar/test/dir-normalization.js | 141 | ||||
-rw-r--r-- | node_modules/tar/test/dir-normalization.tar | bin | 0 -> 10240 bytes |
4 files changed, 162 insertions, 12 deletions
diff --git a/node_modules/tar/lib/extract.js b/node_modules/tar/lib/extract.js index 9fb1e6fb1..ca82a65ce 100644 --- a/node_modules/tar/lib/extract.js +++ b/node_modules/tar/lib/extract.js @@ -11,16 +11,13 @@ function Extract (opts) { if (!(this instanceof Extract)) return new Extract(opts) tar.Parse.apply(this) - // have to dump into a directory - opts.type = "Directory" - opts.Directory = true - if (typeof opts !== "object") { opts = { path: opts } } // better to drop in cwd? seems more standard. opts.path = opts.path || path.resolve("node-tar-extract") + // have to dump into a directory opts.type = "Directory" opts.Directory = true @@ -47,9 +44,20 @@ function Extract (opts) { entry.linkpath = entry.props.linkpath = lp } } - if (entry.type !== "Link") return - entry.linkpath = entry.props.linkpath = - path.join(opts.path, path.join("/", entry.props.linkpath)) + + if (entry.type === "Link") { + entry.linkpath = entry.props.linkpath = path.join( + opts.path, path.join("/", entry.props.linkpath) + ) + } + + if (entry.props && entry.props.linkpath) { + var linkpath = entry.props.linkpath + // normalize paths that point outside the extraction root + if (path.resolve(opts.path, linkpath).indexOf(opts.path) !== 0) { + entry.props.linkpath = path.join(opts.path, path.join("/", linkpath)) + } + } }) this._fst.on("ready", function () { @@ -71,6 +79,7 @@ function Extract (opts) { this._fst.on("close", function () { // console.error("\nEEEE Extract End", me._fst.path) + me.emit("finish") me.emit("end") me.emit("close") }) diff --git a/node_modules/tar/package.json b/node_modules/tar/package.json index b4a120992..2387a15fb 100644 --- a/node_modules/tar/package.json +++ b/node_modules/tar/package.json @@ -6,7 +6,7 @@ }, "name": "tar", "description": "tar for node", - "version": "1.0.3", + "version": "2.0.0", "repository": { "type": "git", "url": "git://github.com/isaacs/node-tar.git" @@ -29,12 +29,12 @@ "license": "BSD", "readme": "# node-tar\n\nTar for Node.js.\n\n[![NPM](https://nodei.co/npm/tar.png)](https://nodei.co/npm/tar/)\n\n## API\n\nSee `examples/` for usage examples.\n\n### var tar = require('tar')\n\nReturns an object with `.Pack`, `.Extract` and `.Parse` methods.\n\n### tar.Pack([properties])\n\nReturns a through stream. Use\n[fstream](https://npmjs.org/package/fstream) to write files into the\npack stream and you will receive tar archive data from the pack\nstream.\n\nThis only works with directories, it does not work with individual files.\n\nThe optional `properties` object are used to set properties in the tar\n'Global Extended Header'.\n\n### tar.Extract([options])\n\nReturns a through stream. Write tar data to the stream and the files\nin the tarball will be extracted onto the filesystem.\n\n`options` can be:\n\n```js\n{\n path: '/path/to/extract/tar/into',\n strip: 0, // how many path segments to strip from the root when extracting\n}\n```\n\n`options` also get passed to the `fstream.Writer` instance that `tar`\nuses internally.\n\n### tar.Parse()\n\nReturns a writable stream. Write tar data to it and it will emit\n`entry` events for each entry parsed from the tarball. This is used by\n`tar.Extract`.\n", "readmeFilename": "README.md", - "gitHead": "f4151128c585da236c6b1e278b762ecaedc20c15", + "gitHead": "9bde260b9ebe6808837a85bedf9c6f7bb04e004f", "bugs": { "url": "https://github.com/isaacs/node-tar/issues" }, "homepage": "https://github.com/isaacs/node-tar", - "_id": "tar@1.0.3", - "_shasum": "15bcdab244fa4add44e4244a0176edb8aa9a2b44", - "_from": "tar@>=1.0.3 <1.1.0" + "_id": "tar@2.0.0", + "_shasum": "7cf627bc632167766ce2a5a1f23e4ecb8e3f28bc", + "_from": "tar@>=2.0.0 <2.1.0" } diff --git a/node_modules/tar/test/dir-normalization.js b/node_modules/tar/test/dir-normalization.js new file mode 100644 index 000000000..cdaa55353 --- /dev/null +++ b/node_modules/tar/test/dir-normalization.js @@ -0,0 +1,141 @@ +// Set the umask, so that it works the same everywhere. +process.umask(parseInt('22', 8)) + +var fs = require('fs') +var path = require('path') + +var fstream = require('fstream') +var test = require('tap').test + +var tar = require('../tar.js') +var file = path.resolve(__dirname, 'dir-normalization.tar') +var target = path.resolve(__dirname, 'tmp/dir-normalization-test') +var ee = 0 + +var expectEntries = [ + { path: 'fixtures/', + mode: '755', + type: '5', + depth: undefined, + size: 0, + linkpath: '', + nlink: undefined, + dev: undefined, + ino: undefined + }, + { path: 'fixtures/the-chumbler', + mode: '755', + type: '2', + depth: undefined, + size: 0, + linkpath: path.resolve(target, 'a/b/c/d/the-chumbler'), + nlink: undefined, + dev: undefined, + ino: undefined + } +] + +var ef = 0 +var expectFiles = [ + { path: '', + mode: '40755', + type: 'Directory', + depth: 0, + linkpath: undefined + }, + { path: '/fixtures', + mode: '40755', + type: 'Directory', + depth: 1, + linkpath: undefined + }, + { path: '/fixtures/the-chumbler', + mode: '120755', + type: 'SymbolicLink', + depth: 2, + size: 95, + linkpath: path.resolve(target, 'a/b/c/d/the-chumbler'), + nlink: 1 + } +] + +test('preclean', function (t) { + require('rimraf').sync(path.join(__dirname, '/tmp/dir-normalization-test')) + t.pass('cleaned!') + t.end() +}) + +test('extract test', function (t) { + var extract = tar.Extract(target) + var inp = fs.createReadStream(file) + + inp.pipe(extract) + + extract.on('end', function () { + t.equal(ee, expectEntries.length, 'should see ' + expectEntries.length + ' entries') + + // should get no more entries after end + extract.removeAllListeners('entry') + extract.on('entry', function (e) { + t.fail('Should not get entries after end!') + }) + + next() + }) + + extract.on('entry', function (entry) { + var found = { + path: entry.path, + mode: entry.props.mode.toString(8), + type: entry.props.type, + depth: entry.props.depth, + size: entry.props.size, + linkpath: entry.props.linkpath, + nlink: entry.props.nlink, + dev: entry.props.dev, + ino: entry.props.ino + } + + var wanted = expectEntries[ee++] + + t.equivalent(found, wanted, 'tar entry ' + ee + ' ' + wanted.path) + }) + + function next () { + var r = fstream.Reader({ + path: target, + type: 'Directory', + sort: 'alpha' + }) + + r.on('ready', function () { + foundEntry(r) + }) + + r.on('end', finish) + + function foundEntry (entry) { + var p = entry.path.substr(target.length) + var found = { + path: p, + mode: entry.props.mode.toString(8), + type: entry.props.type, + depth: entry.props.depth, + size: entry.props.size, + linkpath: entry.props.linkpath, + nlink: entry.props.nlink + } + + var wanted = expectFiles[ef++] + + t.has(found, wanted, 'unpacked file ' + ef + ' ' + wanted.path) + + entry.on('entry', foundEntry) + } + + function finish () { + t.equal(ef, expectFiles.length, 'should have ' + ef + ' items') + t.end() + } + } +}) diff --git a/node_modules/tar/test/dir-normalization.tar b/node_modules/tar/test/dir-normalization.tar Binary files differnew file mode 100644 index 000000000..d11d4eb8d --- /dev/null +++ b/node_modules/tar/test/dir-normalization.tar |