(t *testing.T)
| 207 | } |
| 208 | |
| 209 | func TestExtractTarGz(t *testing.T) { |
| 210 | t.Run("extracts files correctly", func(t *testing.T) { |
| 211 | content := []byte("hello world") |
| 212 | archive := createTarGzBuffer(t, map[string][]byte{ |
| 213 | "copilot": content, |
| 214 | }) |
| 215 | |
| 216 | destDir := t.TempDir() |
| 217 | |
| 218 | err := extractTarGz(bytes.NewReader(archive), destDir) |
| 219 | require.NoError(t, err, "extractTarGz() error") |
| 220 | |
| 221 | extracted, err := os.ReadFile(filepath.Join(destDir, "copilot")) |
| 222 | require.NoError(t, err, "failed to read extracted file") |
| 223 | require.Equal(t, content, extracted, "extracted content mismatch") |
| 224 | }) |
| 225 | |
| 226 | t.Run("extracts nested files", func(t *testing.T) { |
| 227 | content := []byte("nested content") |
| 228 | archive := createTarGzBuffer(t, map[string][]byte{ |
| 229 | "subdir/file.txt": content, |
| 230 | }) |
| 231 | |
| 232 | destDir := t.TempDir() |
| 233 | |
| 234 | err := extractTarGz(bytes.NewReader(archive), destDir) |
| 235 | require.NoError(t, err, "extractTarGz() error") |
| 236 | |
| 237 | extracted, err := os.ReadFile(filepath.Join(destDir, "subdir", "file.txt")) |
| 238 | require.NoError(t, err, "failed to read extracted file") |
| 239 | require.Equal(t, content, extracted, "extracted content mismatch") |
| 240 | }) |
| 241 | |
| 242 | t.Run("rejects path traversal", func(t *testing.T) { |
| 243 | // Manually create a malicious tar.gz with path traversal |
| 244 | var buf bytes.Buffer |
| 245 | gw := gzip.NewWriter(&buf) |
| 246 | tw := tar.NewWriter(gw) |
| 247 | |
| 248 | hdr := &tar.Header{ |
| 249 | Name: "../evil.txt", |
| 250 | Mode: 0755, |
| 251 | Size: 4, |
| 252 | } |
| 253 | _ = tw.WriteHeader(hdr) |
| 254 | _, _ = tw.Write([]byte("evil")) |
| 255 | _ = tw.Close() |
| 256 | _ = gw.Close() |
| 257 | |
| 258 | destDir := t.TempDir() |
| 259 | |
| 260 | err := extractTarGz(bytes.NewReader(buf.Bytes()), destDir) |
| 261 | require.Error(t, err, "expected error for path traversal, got nil") |
| 262 | }) |
| 263 | |
| 264 | t.Run("handles invalid gzip", func(t *testing.T) { |
| 265 | destDir := t.TempDir() |
| 266 |
nothing calls this directly
no test coverage detected