‪TYPO3CMS  ‪main
ZipServiceTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Tests\Functional\Service\Archive;
19 
20 use PHPUnit\Framework\Attributes\Test;
21 use ‪TYPO3\CMS\Core\Exception\Archive\ExtractException;
22 use ‪TYPO3\CMS\Core\Service\Archive\ZipService;
23 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
24 use TYPO3\TestingFramework\Core\Functional\FunctionalTestCase;
25 
26 final class ‪ZipServiceTest extends FunctionalTestCase
27 {
28  protected bool ‪$initializeDatabase = false;
29 
30  protected function ‪tearDown(): void
31  {
32  ‪GeneralUtility::rmdir($this->instancePath . '/typo3conf/ext/malicious', true);
33  ‪GeneralUtility::rmdir($this->instancePath . '/typo3conf/ext/my_extension', true);
34  parent::tearDown();
35  }
36 
37  #[Test]
38  public function ‪filesCanNotGetExtractedOutsideTargetDirectory(): void
39  {
40  $extensionDirectory = $this->instancePath . '/typo3conf/ext/malicious';
41  ‪GeneralUtility::mkdir($extensionDirectory);
42  (new ‪ZipService())->extract(
43  __DIR__ . '/Fixtures/malicious.zip',
44  $extensionDirectory
45  );
46  self::assertFileDoesNotExist($extensionDirectory . '/../tool.php');
47  self::assertFileExists($extensionDirectory . '/tool.php');
48  // This is a smoke test to verify PHP's zip library is broken regarding symlinks
49  self::assertFileExists($extensionDirectory . '/passwd');
50  self::assertFalse(is_link($extensionDirectory . '/passwd'));
51  }
52 
53  #[Test]
54  public function ‪fileContentIsExtractedAsExpected(): void
55  {
56  $extensionDirectory = $this->instancePath . '/typo3conf/ext/my_extension';
57  ‪GeneralUtility::mkdir($extensionDirectory);
58  (new ‪ZipService())->extract(
59  __DIR__ . '/Fixtures/my_extension.zip',
60  $extensionDirectory
61  );
62  self::assertDirectoryExists($extensionDirectory . '/Classes');
63  self::assertFileExists($extensionDirectory . '/Resources/Public/Css/empty.css');
64  self::assertFileExists($extensionDirectory . '/ext_emconf.php');
65  }
66 
67  #[Test]
68  public function ‪fileContentIsExtractedAsExpectedAndSetsPermissions(): void
69  {
70  ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['fileCreateMask'] = '0777';
71  ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask'] = '0772';
72  $extensionDirectory = $this->instancePath . '/typo3conf/ext/my_extension';
73  ‪GeneralUtility::mkdir($extensionDirectory);
74  (new ‪ZipService())->extract(
75  __DIR__ . '/Fixtures/my_extension.zip',
76  $extensionDirectory
77  );
78  self::assertDirectoryExists($extensionDirectory . '/Classes');
79  self::assertFileExists($extensionDirectory . '/Resources/Public/Css/empty.css');
80  self::assertFileExists($extensionDirectory . '/ext_emconf.php');
81  $filePerms = fileperms($extensionDirectory . '/Resources/Public/Css/empty.css');
82  $folderPerms = fileperms($extensionDirectory . '/Classes');
83  self::assertEquals(‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['fileCreateMask'], substr(sprintf('%o', $filePerms), -4));
84  self::assertEquals(‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['folderCreateMask'], substr(sprintf('%o', $folderPerms), -4));
85  }
86 
87  #[Test]
88  public function ‪nonExistentFileThrowsException(): void
89  {
90  $this->expectException(ExtractException::class);
91  $this->expectExceptionCode(1565709712);
92  $extensionDirectory = $this->instancePath . '/typo3conf/ext/my_extension';
93  ‪GeneralUtility::mkdir($extensionDirectory);
94  (new ‪ZipService())->extract(
95  'foobar.zip',
96  $this->instancePath . '/typo3conf/ext/my_extension'
97  );
98  }
99 
100  #[Test]
101  public function ‪nonExistentDirectoryThrowsException(): void
102  {
103  $this->expectException(\RuntimeException::class);
104  $this->expectExceptionCode(1565773005);
105  (new ‪ZipService())->extract(
106  __DIR__ . '/Fixtures/my_extension.zip',
107  $this->instancePath . '/typo3conf/foo/my_extension'
108  );
109  }
110 
111  #[Test]
112  public function ‪verifyDetectsValidArchive(): void
113  {
114  self::assertTrue(
115  (new ‪ZipService())->verify(__DIR__ . '/Fixtures/my_extension.zip')
116  );
117  }
118 
119  #[Test]
120  public function ‪verifyDetectsSuspiciousSequences(): void
121  {
122  $this->expectException(ExtractException::class);
123  $this->expectExceptionCode(1565709714);
124  (new ‪ZipService())->verify(__DIR__ . '/Fixtures/malicious.zip');
125  }
126 }
‪TYPO3\CMS\Core\Utility\GeneralUtility\mkdir
‪static bool mkdir(string $newFolder)
Definition: GeneralUtility.php:1638
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive
Definition: ZipServiceTest.php:18
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\tearDown
‪tearDown()
Definition: ZipServiceTest.php:30
‪TYPO3\CMS\Core\Exception\Archive\ExtractException
Definition: ExtractException.php:25
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\fileContentIsExtractedAsExpected
‪fileContentIsExtractedAsExpected()
Definition: ZipServiceTest.php:54
‪TYPO3\CMS\Core\Utility\GeneralUtility\rmdir
‪static bool rmdir(string $path, bool $removeNonEmpty=false)
Definition: GeneralUtility.php:1702
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\nonExistentFileThrowsException
‪nonExistentFileThrowsException()
Definition: ZipServiceTest.php:88
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\nonExistentDirectoryThrowsException
‪nonExistentDirectoryThrowsException()
Definition: ZipServiceTest.php:101
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\fileContentIsExtractedAsExpectedAndSetsPermissions
‪fileContentIsExtractedAsExpectedAndSetsPermissions()
Definition: ZipServiceTest.php:68
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest
Definition: ZipServiceTest.php:27
‪TYPO3\CMS\Core\Service\Archive\ZipService
Definition: ZipService.php:29
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\verifyDetectsValidArchive
‪verifyDetectsValidArchive()
Definition: ZipServiceTest.php:112
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\verifyDetectsSuspiciousSequences
‪verifyDetectsSuspiciousSequences()
Definition: ZipServiceTest.php:120
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\$initializeDatabase
‪bool $initializeDatabase
Definition: ZipServiceTest.php:28
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:52
‪TYPO3\CMS\Core\Tests\Functional\Service\Archive\ZipServiceTest\filesCanNotGetExtractedOutsideTargetDirectory
‪filesCanNotGetExtractedOutsideTargetDirectory()
Definition: ZipServiceTest.php:38