Capture status quo in testsdeployer

3 files changed, 19 insertions, 0 deletions

diff --git a/internal/deploy/extractzip_test.go b/internal/deploy/extractzip_test.go
index 2f15ff03..dd27050b 100644
--- a/internal/deploy/extractzip_test.go
+++ b/internal/deploy/extractzip_test.go
@@ -32,6 +32,24 @@ func TestExtractZip(t *testing.T) {
 				return err == ErrNoPublicFiles
 			},
 		},
+		{
+			desc:    "archive with evil symlink",
+			archive: "testdata/test3.zip",
+			mustExist: map[string]string{
+				// The test3.zip archive contains a symlink to /etc/passwd. This test
+				// asserts that instead of that symlink, we get a regular file whose
+				// contents are "/etc/passwd". If the extracted "public/passwd" was an
+				// actual symlink we would get the contents of the /etc/passwd file of
+				// the system where the test runs.
+				"public/passwd": "/etc/passwd",
+				// The "public/bar" symlink tries to point to "foo" but we don't support
+				// symlinks at the moment. Instead it creates a regular file with
+				// contents "bar". TODO: support valid symlinks?
+				"public/bar": "foo",
+				// "foo" is a regular file with contents "not-bar"
+				"public/foo": "not-bar\n",
+			},
+		},
 	}
 
 	for _, tc := range testCases {
diff --git a/internal/deploy/testdata/.gitignore b/internal/deploy/testdata/.gitignore
new file mode 100644
index 00000000..c75eeccc
--- /dev/null
+++ b/internal/deploy/testdata/.gitignore
@@ -0,0 +1 @@
+/public
diff --git a/internal/deploy/testdata/test3.zip b/internal/deploy/testdata/test3.zip
new file mode 100644
index 00000000..1af5da34
--- /dev/null
+++ b/internal/deploy/testdata/test3.zip