Review Request 128233: Don't trust files claiming to be created on unix more than other files

Sune Vuorela kde at pusling.com
Sun Jul 3 12:59:42 UTC 2016



> On July 2, 2016, 10:50 a.m., David Faure wrote:
> > autotests/karchivetest.cpp, line 1097
> > <https://git.reviewboard.kde.org/r/128233/diff/1/?file=469181#file469181line1097>
> >
> >     That's not really a unit test, if the person running the test has to read the output ;)

heh. The qdebug was a leftover, and the important part of the unit test was that we didn't end up hitting asserts. I'll do some output verification.


> On July 2, 2016, 10:50 a.m., David Faure wrote:
> > src/kzip.cpp, line 699
> > <https://git.reviewboard.kde.org/r/128233/diff/1/?file=469182#file469182line699>
> >
> >     This loses permission information (e.g. 0755 vs 0750 vs 0700). How about just access |= S_IFDIR, i.e. ensuring it's a dir and still using the permission information if present? Maybe adding 0700 too, so the user can do something with it ;)
> >     
> >     I'm thinking about use cases like zipping a directory for backup or transfer to another computer...
> >     
> >     The `zip` program does preserve permissions.
> >     Testcase:
> >     
> >     mkdir ziptest
> >     cd ziptest
> >     mkdir 700 750 755
> >     chmod 700 700
> >     chmod 750 750
> >     chmod 755 755
> >     ls -l
> >     zip -r my.zip 7*
> >     unzip -l *zip
> >     mkdir out
> >     cd out
> >     unzip ../*zip

Ok. 
I might also be adding that as a unit test.


- Sune


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/128233/#review97019
-----------------------------------------------------------


On June 17, 2016, 11:10 p.m., Sune Vuorela wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/128233/
> -----------------------------------------------------------
> 
> (Updated June 17, 2016, 11:10 p.m.)
> 
> 
> Review request for KDE Frameworks and David Faure.
> 
> 
> Repository: karchive
> 
> 
> Description
> -------
> 
> Don't trust files claiming to be created on unix more than other files
>     
>     For some historical reasons, we special case zip files claiming to be
>     created on unix and trust the content regarding file rights a bit better.
>     
>     Zip files in the wild have shown to violate this, so don't trust them.
>     
>     Thanks to Jonathan Marten for the test case
>     
>     BUG: 364071
> 
> 
> Diffs
> -----
> 
>   autotests/data/unusual_but_valid_364071.zip PRE-CREATION 
>   autotests/karchivetest.h 4b7ecff 
>   autotests/karchivetest.cpp c8abddf 
>   src/kzip.cpp e7e8477 
> 
> Diff: https://git.reviewboard.kde.org/r/128233/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Sune Vuorela
> 
>
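
A sketch of the approach discussed in this thread, added here as an illustration; it is not KArchive code and not the patch under review. It parses one ZIP central directory header and derives the mode so that the entry type comes from the name, while permission bits are still taken from the archive when present, with 0700 added for directories. The names `CdEntry`, `parseCdEntry`, `effectiveMode` and `makeCdEntry` are hypothetical, and the 0755/0644 fallbacks are assumptions.

```cpp
// Added illustration, not KArchive code. All names here are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>
#include <sys/stat.h>

struct CdEntry { uint8_t hostOs; uint32_t externalAttr; std::string name; };

static uint32_t le(const std::vector<uint8_t> &b, size_t off, int n)
{
    uint32_t v = 0;
    for (int i = n - 1; i >= 0; --i) v = (v << 8) | b[off + i];
    return v;
}
// Parse one ZIP central directory file header (46 fixed bytes, then the name).
bool parseCdEntry(const std::vector<uint8_t> &b, CdEntry &out)
{
    if (b.size() < 46 || le(b, 0, 4) != 0x02014b50u) return false;
    const size_t nameLen = le(b, 28, 2);
    if (b.size() < 46 + nameLen) return false;
    out.hostOs = b[5];                 // high byte of "version made by"; 3 = Unix
    out.externalAttr = le(b, 38, 4);   // Unix writers put st_mode in the high 16 bits
    out.name.assign(b.begin() + 46, b.begin() + 46 + nameLen);
    return true;
}
// Entry type comes from the name; the archive only contributes permission bits.
mode_t effectiveMode(const CdEntry &e)
{
    const bool isDir = !e.name.empty() && e.name.back() == '/';
    mode_t perms = (e.hostOs == 3) ? mode_t((e.externalAttr >> 16) & 0777) : 0;
    if (perms == 0) perms = isDir ? 0755 : 0644;   // assumed defaults
    return isDir ? mode_t(S_IFDIR | perms | 0700)  // owner can always enter the dir
                 : mode_t(S_IFREG | perms);        // symlinks are out of scope here
}
// Builds a constructed header for the demo; not taken from a real archive.
std::vector<uint8_t> makeCdEntry(uint8_t hostOs, uint32_t attr, const std::string &name)
{
    std::vector<uint8_t> b(46, 0);
    b[0] = 0x50; b[1] = 0x4b; b[2] = 0x01; b[3] = 0x02;
    b[5] = hostOs;
    b[28] = uint8_t(name.size()); b[29] = uint8_t(name.size() >> 8);
    for (int i = 0; i < 4; ++i) b[38 + i] = uint8_t(attr >> (8 * i));
    b.insert(b.end(), name.begin(), name.end());
    return b;
}
int main()
{
    CdEntry e;   // constructed: Unix-claimed entry named like a directory but typed as a file
    if (parseCdEntry(makeCdEntry(3, uint32_t(S_IFREG | 0750) << 16, "750/"), e))
        std::printf("%s -> %o\n", e.name.c_str(), unsigned(effectiveMode(e)));
    return 0;
}
```
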
