mirror of https://github.com/goreleaser/goreleaser.git synced 2025-03-17 20:47:50 +02:00

fix: archive should not actually verify links (#3103)

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Carlos Alexandro Becker 2022-05-13 13:55:01 -03:00 committed by GitHub
parent 82f5785fd7
commit 0db84b24f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 27 additions and 17 deletions


@ -28,11 +28,6 @@ func (a Archive) Close() error {
// Add file to the archive. // Add file to the archive.
func (a Archive) Add(f config.File) error { func (a Archive) Add(f config.File) error {
file, err := os.Open(f.Source) // #nosec
if err != nil {
return err
}
defer file.Close()
info, err := os.Lstat(f.Source) // #nosec info, err := os.Lstat(f.Source) // #nosec
if err != nil { if err != nil {
return err return err
@ -69,6 +64,11 @@ func (a Archive) Add(f config.File) error {
if info.IsDir() || info.Mode()&os.ModeSymlink != 0 { if info.IsDir() || info.Mode()&os.ModeSymlink != 0 {
return nil return nil
} }
file, err := os.Open(f.Source) // #nosec
if err != nil {
return err
}
defer file.Close()
_, err = io.Copy(a.tw, file) _, err = io.Copy(a.tw, file)
return err return err
} }
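Review bot: The reordered tar `Add` decides from `os.Lstat` that the path is a regular file and only afterwards calls `os.Open` on the same path, which follows symlinks. If the source tree can change between the two calls, the bytes copied may come from a different file than the one the header describes. The zip `Add` later in this commit has the same stat-then-open sequence. A cheap guard is to stat the opened handle and compare it with the `Lstat` result before copying, as sketched below. The middle of `Add` lies outside both hunks, so this assumes nothing there already pins the file.

```go
file, err := os.Open(f.Source) // #nosec
if err != nil {
	return err
}
defer file.Close()
// Confirm the handle is the file that was stat'ed above, not something
// swapped in behind the path after the Lstat call.
opened, err := file.Stat()
if err != nil {
	return err
}
if !os.SameFile(info, opened) {
	return fmt.Errorf("%q changed while it was being archived", f.Source)
}
// … unchanged: io.Copy into the tar writer …
```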


@ -151,15 +151,11 @@ func TestTarFileInfo(t *testing.T) {
} }
func TestTarInvalidLink(t *testing.T) { func TestTarInvalidLink(t *testing.T) {
tmp := t.TempDir() archive := New(io.Discard)
f, err := os.Create(filepath.Join(tmp, "test.tar"))
require.NoError(t, err)
defer f.Close() // nolint: errcheck
archive := New(f)
defer archive.Close() // nolint: errcheck defer archive.Close() // nolint: errcheck
require.EqualError(t, archive.Add(config.File{ require.NoError(t, archive.Add(config.File{
Source: "../testdata/badlink.txt", Source: "../testdata/badlink.txt",
Destination: "badlink.txt", Destination: "badlink.txt",
}), "open ../testdata/badlink.txt: no such file or directory") }))
} }
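Review bot: `TestTarInvalidLink` now writes to `io.Discard` and asserts only that `Add` returns no error, so it would still pass if the dangling link were silently dropped from the archive. Writing into a buffer and reading the entry back would pin the behaviour the fix is after, namely that the link is stored as a link entry without its target being opened. The sketch assumes `Add` writes the link header before the early return, which is outside the visible hunks, and that `../testdata/badlink.txt` is a dangling symlink.

```go
func TestTarInvalidLink(t *testing.T) {
	var buf bytes.Buffer
	archive := New(&buf)
	require.NoError(t, archive.Add(config.File{
		Source:      "../testdata/badlink.txt",
		Destination: "badlink.txt",
	}))
	require.NoError(t, archive.Close())

	// The dangling link must survive as a symlink entry.
	hdr, err := tar.NewReader(&buf).Next()
	require.NoError(t, err)
	require.Equal(t, "badlink.txt", hdr.Name)
	require.Equal(t, byte(tar.TypeSymlink), hdr.Typeflag)
}
```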


@ -34,11 +34,6 @@ func (a Archive) Close() error {
// Add a file to the zip archive. // Add a file to the zip archive.
func (a Archive) Add(f config.File) error { func (a Archive) Add(f config.File) error {
file, err := os.Open(f.Source) // #nosec
if err != nil {
return err
}
defer file.Close()
info, err := os.Lstat(f.Source) // #nosec info, err := os.Lstat(f.Source) // #nosec
if err != nil { if err != nil {
return err return err
@ -62,6 +57,14 @@ func (a Archive) Add(f config.File) error {
if err != nil { if err != nil {
return err return err
} }
if info.IsDir() || info.Mode()&os.ModeSymlink != 0 {
return nil
}
file, err := os.Open(f.Source) // #nosec
if err != nil {
return err
}
defer file.Close()
_, err = io.Copy(w, file) _, err = io.Copy(w, file)
return err return err
} }
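Review bot: The new symlink branch in the zip `Add` returns right after the entry header is created. Unless the lines between the two hunks already write the link target, the entry is stored with an empty body. Zip readers take a symlink's target from the entry data, so such an entry extracts as an empty or broken link, and the target is lost for anyone inspecting the archive. Reading the target with `os.Readlink`, which does not require the target to exist, keeps the intent of this fix while making the entry well-formed. `w` is presumably the writer returned by `CreateHeader`, which is outside the hunk.

```go
// … unchanged: Lstat, header construction, CreateHeader …
if info.IsDir() {
	return nil
}
if info.Mode()&os.ModeSymlink != 0 {
	// A zip symlink entry carries its target path as the entry data.
	link, err := os.Readlink(f.Source) // #nosec
	if err != nil {
		return err
	}
	_, err = w.Write([]byte(filepath.ToSlash(link)))
	return err
}
// … unchanged: os.Open and io.Copy for regular files …
```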


@ -2,6 +2,7 @@ package zip
import ( import (
"archive/zip" "archive/zip"
"io"
"io/fs" "io/fs"
"os" "os"
"path/filepath" "path/filepath"
@ -136,3 +137,13 @@ func TestZipFileInfo(t *testing.T) {
require.Equal(t, fs.FileMode(0o755), next.FileInfo().Mode()) require.Equal(t, fs.FileMode(0o755), next.FileInfo().Mode())
} }
} }
func TestTarInvalidLink(t *testing.T) {
archive := New(io.Discard)
defer archive.Close() // nolint: errcheck
require.NoError(t, archive.Add(config.File{
Source: "../testdata/badlink.txt",
Destination: "badlink.txt",
}))
}
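Review bot: The test added to the zip package is named `TestTarInvalidLink`, apparently copied from the tar test. In `go test` output and `-run` filters it will read as a tar test, so rename it to `func TestZipInvalidLink(t *testing.T) {`. Like the tar version, it writes to `io.Discard` and checks only for a nil error, so it does not show that the link entry reaches the archive. Reading the result back with `zip.NewReader` and asserting `Mode()&fs.ModeSymlink != 0` on the entry would cover that.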