MCPcopy
hub / github.com/cli/cli / TestExtractTarGz

Function TestExtractTarGz

pkg/cmd/copilot/copilot_test.go:209–270  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

207}
208
209func TestExtractTarGz(t *testing.T) {
210 t.Run("extracts files correctly", func(t *testing.T) {
211 content := []byte("hello world")
212 archive := createTarGzBuffer(t, map[string][]byte{
213 "copilot": content,
214 })
215
216 destDir := t.TempDir()
217
218 err := extractTarGz(bytes.NewReader(archive), destDir)
219 require.NoError(t, err, "extractTarGz() error")
220
221 extracted, err := os.ReadFile(filepath.Join(destDir, "copilot"))
222 require.NoError(t, err, "failed to read extracted file")
223 require.Equal(t, content, extracted, "extracted content mismatch")
224 })
225
226 t.Run("extracts nested files", func(t *testing.T) {
227 content := []byte("nested content")
228 archive := createTarGzBuffer(t, map[string][]byte{
229 "subdir/file.txt": content,
230 })
231
232 destDir := t.TempDir()
233
234 err := extractTarGz(bytes.NewReader(archive), destDir)
235 require.NoError(t, err, "extractTarGz() error")
236
237 extracted, err := os.ReadFile(filepath.Join(destDir, "subdir", "file.txt"))
238 require.NoError(t, err, "failed to read extracted file")
239 require.Equal(t, content, extracted, "extracted content mismatch")
240 })
241
242 t.Run("rejects path traversal", func(t *testing.T) {
243 // Manually create a malicious tar.gz with path traversal
244 var buf bytes.Buffer
245 gw := gzip.NewWriter(&buf)
246 tw := tar.NewWriter(gw)
247
248 hdr := &tar.Header{
249 Name: "../evil.txt",
250 Mode: 0755,
251 Size: 4,
252 }
253 _ = tw.WriteHeader(hdr)
254 _, _ = tw.Write([]byte("evil"))
255 _ = tw.Close()
256 _ = gw.Close()
257
258 destDir := t.TempDir()
259
260 err := extractTarGz(bytes.NewReader(buf.Bytes()), destDir)
261 require.Error(t, err, "expected error for path traversal, got nil")
262 })
263
264 t.Run("handles invalid gzip", func(t *testing.T) {
265 destDir := t.TempDir()
266

Callers

nothing calls this directly

Calls 8

createTarGzBufferFunction · 0.85
extractTarGzFunction · 0.85
JoinMethod · 0.80
EqualMethod · 0.80
RunMethod · 0.65
WriteMethod · 0.65
CloseMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected