TYPO3 CMS  TYPO3_8-7
ZipServiceTest.php
Go to the documentation of this file.
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Core\Tests\Functional\Service\Archive;
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 use org\bovigo\vfs\vfsStream;
19 use org\bovigo\vfs\vfsStreamDirectory;
20 use TYPO3\CMS\Core\Exception\Archive\ExtractException;
21 use TYPO3\CMS\Core\Service\Archive\ZipService;
22 use TYPO3\CMS\Core\Utility\GeneralUtility;
23 use TYPO3\TestingFramework\Core\Functional\FunctionalTestCase;
24 
25 class ZipServiceTest extends FunctionalTestCase
26 {
30  private $vfs;
31 
35  private $directory;
36 
37  protected function setUp()
38  {
39  parent::setUp();
40 
41  $structure = [
42  'typo3conf' => [
43  'ext' => [],
44  ],
45  ];
46  $this->vfs = vfsStream::setup('root', null, $structure);
47  $this->directory = vfsStream::url('root/typo3conf/ext');
48  }
49 
50  protected function tearDown()
51  {
52  parent::tearDown();
53  unset($this->vfs, $this->directory);
54  }
55 
59  public function filesCanNotGetExtractedOutsideTargetDirectory()
60  {
61  $extensionDirectory = $this->directory . '/malicious';
62  GeneralUtility::mkdir($extensionDirectory);
63 
64  (new ZipService())->extract(
65  __DIR__ . '/Fixtures/malicious.zip',
66  $extensionDirectory
67  );
68 
69  self::assertFileNotExists($extensionDirectory . '/../tool.php');
70  self::assertFileExists($extensionDirectory . '/tool.php');
71  // This is a smoke test to verify PHP's zip library is broken regarding symlinks
72  self::assertFileExists($extensionDirectory . '/passwd');
73  self::assertFalse(is_link($extensionDirectory . '/passwd'));
74  }
75 
79  public function fileContentIsExtractedAsExpected()
80  {
81  $extensionDirectory = $this->directory . '/my_extension';
82  GeneralUtility::mkdir($extensionDirectory);
83 
84  (new ZipService())->extract(
85  __DIR__ . '/Fixtures/my_extension.zip',
86  $extensionDirectory
87  );
88 
89  self::assertDirectoryExists($extensionDirectory . '/Classes');
90  self::assertFileExists($extensionDirectory . '/Resources/Public/Css/empty.css');
91  self::assertFileExists($extensionDirectory . '/ext_emconf.php');
92  }
93 
97  public function fileContentIsExtractedAsExpectedAndSetsPermissions()
98  {
99  $GLOBALS['TYPO3_CONF_VARS']['SYS']['fileCreateMask'] = '0777';
100  $GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask'] = '0772';
101  $extensionDirectory = $this->directory . '/my_extension';
102  GeneralUtility::mkdir($extensionDirectory);
103 
104  (new ZipService())->extract(
105  __DIR__ . '/Fixtures/my_extension.zip',
106  $extensionDirectory
107  );
108 
109  self::assertDirectoryExists($extensionDirectory . '/Classes');
110  self::assertFileExists($extensionDirectory . '/Resources/Public/Css/empty.css');
111  self::assertFileExists($extensionDirectory . '/ext_emconf.php');
112 
113  $filePerms = fileperms($extensionDirectory . '/Resources/Public/Css/empty.css');
114  $folderPerms = fileperms($extensionDirectory . '/Classes');
115  self::assertEquals($GLOBALS['TYPO3_CONF_VARS']['SYS']['fileCreateMask'], substr(sprintf('%o', $filePerms), -4));
116  self::assertEquals($GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask'], substr(sprintf('%o', $folderPerms), -4));
117  }
118 
122  public function nonExistentFileThrowsException()
123  {
124  $this->expectException(ExtractException::class);
125  $this->expectExceptionCode(1565709712);
126 
127  (new ZipService())->extract(
128  'foobar.zip',
129  vfsStream::url('root')
130  );
131  }
132 
136  public function nonExistentDirectoryThrowsException()
137  {
138  $this->expectException(\RuntimeException::class);
139  $this->expectExceptionCode(1565773005);
140 
141  (new ZipService())->extract(
142  __DIR__ . '/Fixtures/my_extension.zip',
143  vfsStream::url('root/non-existent-directory')
144  );
145  }
146 
150  public function nonWritableDirectoryThrowsException()
151  {
152  $this->expectException(\RuntimeException::class);
153  $this->expectExceptionCode(1565773006);
154 
155  $extensionDirectory = $this->directory . '/my_extension';
156  GeneralUtility::mkdir($extensionDirectory);
157  chmod($extensionDirectory, 0000);
158 
159  (new ZipService())->extract(
160  __DIR__ . '/Fixtures/my_extension.zip',
161  $extensionDirectory
162  );
163  self::assertFileExists($extensionDirectory . '/Resources/Public/Css/empty.css');
164  }
165 
169  public function verifyDetectsValidArchive()
170  {
171  self::assertTrue(
172  (new ZipService())->verify(__DIR__ . '/Fixtures/my_extension.zip')
173  );
174  }
175 
179  public function verifyDetectsSuspiciousSequences()
180  {
181  $this->expectException(ExtractException::class);
182  $this->expectExceptionCode(1565709714);
183 
184  (new ZipService())->verify(__DIR__ . '/Fixtures/malicious.zip');
185  }
186 }
$GLOBALS
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
Definition: ext_localconf.php:38