(t *testing.T)
| 87 | } |
| 88 | |
| 89 | func TestCreateTarFromZip_RejectsInvalidZipMetadata(t *testing.T) { |
| 90 | t.Parallel() |
| 91 | |
| 92 | // Ref: https://github.com/golang/go/blob/go1.24.0/src/archive/zip/struct.go |
| 93 | corruptZipUncompressedSize := func(t *testing.T, zipBytes []byte, size uint32) []byte { |
| 94 | t.Helper() |
| 95 | |
| 96 | const ( |
| 97 | directoryHeaderSignature = "PK\x01\x02" |
| 98 | uncompressedSizeOffset = 24 |
| 99 | ) |
| 100 | hdrOffset := bytes.Index(zipBytes, []byte(directoryHeaderSignature)) |
| 101 | require.NotEqual(t, -1, hdrOffset, "missing ZIP central directory header") |
| 102 | corrupted := bytes.Clone(zipBytes) |
| 103 | sizeBytes := corrupted[hdrOffset+uncompressedSizeOffset : hdrOffset+uncompressedSizeOffset+4] |
| 104 | binary.LittleEndian.PutUint32(sizeBytes, size) |
| 105 | |
| 106 | return corrupted |
| 107 | } |
| 108 | |
| 109 | zipBytes := buildTestZip(t, map[string]string{ |
| 110 | "hello.txt": "hello", |
| 111 | }) |
| 112 | zipBytes = corruptZipUncompressedSize(t, zipBytes, 6) |
| 113 | |
| 114 | zr, err := zip.NewReader(bytes.NewReader(zipBytes), int64(len(zipBytes))) |
| 115 | require.NoError(t, err) |
| 116 | |
| 117 | // Keep the size limit large so this test exercises the invalid |
| 118 | // ZIP metadata path rather than the tar output limit. |
| 119 | maxSize := int64(4096) |
| 120 | tarBytes, err := archive.CreateTarFromZip(zr, maxSize) |
| 121 | require.ErrorIs(t, err, archive.ErrInvalidZipContent) |
| 122 | require.Nil(t, tarBytes) |
| 123 | } |
| 124 | |
| 125 | func TestCreateTarFromZip_RejectsOversizedTarOverhead(t *testing.T) { |
| 126 | t.Parallel() |
nothing calls this directly
no test coverage detected