mirror of
				https://github.com/Ne-Lexa/php-zip.git
				synced 2025-10-25 03:56:18 +02:00 
			
		
		
		
	
		
			
				
	
	
		
			48 lines
		
	
	
		
			1.2 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
			
		
		
	
	
			48 lines
		
	
	
		
			1.2 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
| <?php
 | |
| 
 | |
| namespace PhpZip\Tests;
 | |
| 
 | |
| use PhpZip\Exception\ZipException;
 | |
| use PhpZip\ZipFile;
 | |
| 
 | |
| /**
 | |
|  * Class ZipSlipVulnerabilityTest.
 | |
|  *
 | |
|  * @see https://github.com/Ne-Lexa/php-zip/issues/39 Issue#31
 | |
|  * @see https://snyk.io/research/zip-slip-vulnerability Zip Slip Vulnerability
 | |
|  *
 | |
|  * @internal
 | |
|  *
 | |
|  * @small
 | |
|  */
 | |
| class ZipSlipVulnerabilityTest extends ZipTestCase
 | |
| {
 | |
|     /**
 | |
|      * @throws ZipException
 | |
|      */
 | |
|     public function testCreateSlipVulnerabilityFile()
 | |
|     {
 | |
|         $localFile = '../dir/./../../file.txt';
 | |
|         $zipFile = new ZipFile();
 | |
|         $zipFile->addFromString($localFile, 'contents');
 | |
|         static::assertContains($localFile, $zipFile->getListFiles());
 | |
|         $zipFile->close();
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * @throws ZipException
 | |
|      */
 | |
|     public function testUnpack()
 | |
|     {
 | |
|         static::assertTrue(mkdir($this->outputDirname, 0755, true));
 | |
| 
 | |
|         $zipFile = new ZipFile();
 | |
|         $zipFile->addFromString('../dir/./../../file.txt', 'contents');
 | |
|         $zipFile->extractTo($this->outputDirname);
 | |
|         $zipFile->close();
 | |
| 
 | |
|         $expectedExtractedFile = $this->outputDirname . '/dir/file.txt';
 | |
|         static::assertTrue(is_file($expectedExtractedFile));
 | |
|     }
 | |
| }
 |