fix: Fails to extract file which might or might not be malformed (#376)

[amazon-q-developer]

Pull request for Fails to extract file which might or might not be malformed

[amazon-q-developer]

Resolves #376

[amazon-q-developer]

To provide feedback, I recommend leaving inline comments for best results. Navigate to the Files changed tab and leave comments on the proposed code changes. Choose Start review for each comment, and then choose Request changes, and I'll propose revised changes. If creating PR-level comments, include as much detail as possible in your feedback (for example, file name, class name, line number).

[beeb]

The tests are failing in CI with --no-default-features --features deflate-zopfli

running 5 tests
test test_extract_zip_with_windows_absolute_paths ... FAILED
test test_individual_file_access_with_absolute_paths ... FAILED
test test_extract_zip_with_absolute_paths ... FAILED
test test_extract_soldeer_like_zip ... FAILED
test test_security_still_prevents_directory_traversal ... FAILED

failures:

---- test_extract_zip_with_windows_absolute_paths stdout ----

thread 'test_extract_zip_with_windows_absolute_paths' panicked at tests/invalid_path.rs:80:38:
called `Result::unwrap()` on an `Err` value: UnsupportedArchive("Compression method not supported")
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

---- test_individual_file_access_with_absolute_paths stdout ----
File name: /_/
Enclosed name: None

thread 'test_individual_file_access_with_absolute_paths' panicked at tests/invalid_path.rs:126:9:
assertion failed: enclosed_name.is_some()

---- test_extract_zip_with_absolute_paths stdout ----

thread 'test_extract_zip_with_absolute_paths' panicked at tests/invalid_path.rs:61:38:
called `Result::unwrap()` on an `Err` value: UnsupportedArchive("Compression method not supported")

---- test_extract_soldeer_like_zip stdout ----

thread 'test_extract_soldeer_like_zip' panicked at tests/invalid_path.rs:98:38:
called `Result::unwrap()` on an `Err` value: UnsupportedArchive("Compression method not supported")

---- test_security_still_prevents_directory_traversal stdout ----

thread 'test_security_still_prevents_directory_traversal' panicked at tests/invalid_path.rs:152:40:
called `Result::unwrap()` on an `Err` value: UnsupportedArchive("Compression method not supported")


failures:
    test_extract_soldeer_like_zip
    test_extract_zip_with_absolute_paths
    test_extract_zip_with_windows_absolute_paths
    test_individual_file_access_with_absolute_paths
    test_security_still_prevents_directory_traversal

test result: FAILED. 0 passed; 5 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.13s

[Pr0methean]

Update: the cause of most of these failures is that zopfli only writes deflate-compressed files and doesn't read them, so flate2 must be enabled as well.

[Pr0methean]

Update: one new test is still failing on Unix because a Windows drive letter is being interpreted as a normal directory on Unix. Apparently Rust's Path implementation always assumes the path comes from whatever platform it's being built for, so it looks like we'll need to use the typed-path crate to handle these properly when a ZIP file has been sent between platforms.

[Its-Just-Nans]

I think this MR introduced the file test_fix.rs

https://github.com/zip-rs/zip2/blob/master/test_fix.rs

I think we should delete it

[Pr0methean]

That file was added by Amazon Q Developer to the first version of this PR back in September: 18b8948

I'll take another look in the morning, but I suspect that Q added this test for a good reason, given how lazy it was in general at that time, and that if we deleted it without merging it into the existing tests then we'd get a coverage regression.

[Its-Just-Nans]

I suspect that Q added this test for a good reason

The problem is that it's not even a test :( but just a main() func

• no #[test]
• not in the correct place/folder

I'll take another look in the morning

Thanks

[Pr0methean]

I suspect that Q added this test for a good reason

The problem is that it's not even a test :( but just a main() func

• no #[test]
• not in the correct place/folder

I'll take another look in the morning

Thanks

Fair enough; I'll convert it into a test if no existing test uses absolute paths (and I don't remember there being any that do).