‪TYPO3CMS  11.5
ZipServiceTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Tests\Functional\Service\Archive;
19 
20 use org\bovigo\vfs\vfsStream;
21 use org\bovigo\vfs\vfsStreamDirectory;
22 use ‪TYPO3\CMS\Core\Exception\Archive\ExtractException;
23 use ‪TYPO3\CMS\Core\Service\Archive\ZipService;
24 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
25 use TYPO3\TestingFramework\Core\Functional\FunctionalTestCase;
26 
27 class ‪ZipServiceTest extends FunctionalTestCase
28 {
32  protected ‪$initializeDatabase = false;
33 
37  private ‪$vfs;
38 
42  private ‪$directory;
43 
44  protected function ‪setUp(): void
45  {
46  parent::setUp();
47 
48  $structure = [
49  'typo3conf' => [
50  'ext' => [],
51  ],
52  ];
53  $this->vfs = vfsStream::setup('root', null, $structure);
54  $this->directory = vfsStream::url('root/typo3conf/ext');
55  }
56 
57  protected function ‪tearDown(): void
58  {
59  parent::tearDown();
60  unset($this->vfs, $this->directory);
61  }
62 
66  public function ‪filesCanNotGetExtractedOutsideTargetDirectory(): void
67  {
68  $extensionDirectory = $this->directory . '/malicious';
69  ‪GeneralUtility::mkdir($extensionDirectory);
70 
71  (new ZipService())->extract(
72  __DIR__ . '/Fixtures/malicious.zip',
73  $extensionDirectory
74  );
75  self::assertFileDoesNotExist($extensionDirectory . '/../tool.php');
76  self::assertFileExists($extensionDirectory . '/tool.php');
77  // This is a smoke test to verify PHP's zip library is broken regarding symlinks
78  self::assertFileExists($extensionDirectory . '/passwd');
79  self::assertFalse(is_link($extensionDirectory . '/passwd'));
80  }
81 
85  public function ‪fileContentIsExtractedAsExpected(): void
86  {
87  $extensionDirectory = $this->directory . '/my_extension';
88  ‪GeneralUtility::mkdir($extensionDirectory);
89 
90  (new ZipService())->extract(
91  __DIR__ . '/Fixtures/my_extension.zip',
92  $extensionDirectory
93  );
94 
95  self::assertDirectoryExists($extensionDirectory . '/Classes');
96  self::assertFileExists($extensionDirectory . '/Resources/Public/Css/empty.css');
97  self::assertFileExists($extensionDirectory . '/ext_emconf.php');
98  }
99 
103  public function ‪fileContentIsExtractedAsExpectedAndSetsPermissions(): void
104  {
105  ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['fileCreateMask'] = '0777';
106  ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask'] = '0772';
107  $extensionDirectory = $this->directory . '/my_extension';
108  ‪GeneralUtility::mkdir($extensionDirectory);
109 
110  (new ZipService())->extract(
111  __DIR__ . '/Fixtures/my_extension.zip',
112  $extensionDirectory
113  );
114 
115  self::assertDirectoryExists($extensionDirectory . '/Classes');
116  self::assertFileExists($extensionDirectory . '/Resources/Public/Css/empty.css');
117  self::assertFileExists($extensionDirectory . '/ext_emconf.php');
118 
119  $filePerms = fileperms($extensionDirectory . '/Resources/Public/Css/empty.css');
120  $folderPerms = fileperms($extensionDirectory . '/Classes');
121  self::assertEquals(‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['fileCreateMask'], substr(sprintf('%o', $filePerms), -4));
122  self::assertEquals(‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask'], substr(sprintf('%o', $folderPerms), -4));
123  }
124 
128  public function ‪nonExistentFileThrowsException(): void
129  {
130  $this->expectException(ExtractException::class);
131  $this->expectExceptionCode(1565709712);
132 
133  (new ZipService())->extract(
134  'foobar.zip',
135  vfsStream::url('root')
136  );
137  }
138 
142  public function ‪nonExistentDirectoryThrowsException(): void
143  {
144  $this->expectException(\RuntimeException::class);
145  $this->expectExceptionCode(1565773005);
146 
147  (new ZipService())->extract(
148  __DIR__ . '/Fixtures/my_extension.zip',
149  vfsStream::url('root/non-existent-directory')
150  );
151  }
152 
156  public function ‪nonWritableDirectoryThrowsException(): void
157  {
158  $this->expectException(\RuntimeException::class);
159  $this->expectExceptionCode(1565773006);
160 
161  $extensionDirectory = $this->directory . '/my_extension';
162  ‪GeneralUtility::mkdir($extensionDirectory);
163  chmod($extensionDirectory, 0000);
164 
165  (new ZipService())->extract(
166  __DIR__ . '/Fixtures/my_extension.zip',
167  $extensionDirectory
168  );
169  self::assertFileExists($extensionDirectory . '/Resources/Public/Css/empty.css');
170  }
171 
175  public function ‪verifyDetectsValidArchive(): void
176  {
177  self::assertTrue(
178  (new ZipService())->verify(__DIR__ . '/Fixtures/my_extension.zip')
179  );
180  }
181 
185  public function ‪verifyDetectsSuspiciousSequences(): void
186  {
187  $this->expectException(ExtractException::class);
188  $this->expectExceptionCode(1565709714);
189 
190  (new ZipService())->verify(__DIR__ . '/Fixtures/malicious.zip');
191  }
192 }
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\$vfs
‪vfsStreamDirectory $vfs
Definition: ZipServiceTest.php:35
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive
Definition: ZipServiceTest.php:18
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\tearDown
‪tearDown()
Definition: ZipServiceTest.php:54
‪TYPO3\CMS\Core\Exception\Archive\ExtractException
Definition: ExtractException.php:25
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\nonWritableDirectoryThrowsException
‪nonWritableDirectoryThrowsException()
Definition: ZipServiceTest.php:153
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\$directory
‪string $directory
Definition: ZipServiceTest.php:39
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\setUp
‪setUp()
Definition: ZipServiceTest.php:41
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\fileContentIsExtractedAsExpected
‪fileContentIsExtractedAsExpected()
Definition: ZipServiceTest.php:82
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\nonExistentFileThrowsException
‪nonExistentFileThrowsException()
Definition: ZipServiceTest.php:125
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\nonExistentDirectoryThrowsException
‪nonExistentDirectoryThrowsException()
Definition: ZipServiceTest.php:139
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\fileContentIsExtractedAsExpectedAndSetsPermissions
‪fileContentIsExtractedAsExpectedAndSetsPermissions()
Definition: ZipServiceTest.php:100
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest
Definition: ZipServiceTest.php:28
‪TYPO3\CMS\Core\Service\Archive\ZipService
Definition: ZipService.php:29
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\verifyDetectsValidArchive
‪verifyDetectsValidArchive()
Definition: ZipServiceTest.php:172
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\verifyDetectsSuspiciousSequences
‪verifyDetectsSuspiciousSequences()
Definition: ZipServiceTest.php:182
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\$initializeDatabase
‪bool $initializeDatabase
Definition: ZipServiceTest.php:31
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:50
‪TYPO3\CMS\Core\Utility\GeneralUtility\mkdir
‪static bool mkdir($newFolder)
Definition: GeneralUtility.php:1891
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\filesCanNotGetExtractedOutsideTargetDirectory
‪filesCanNotGetExtractedOutsideTargetDirectory()
Definition: ZipServiceTest.php:63