Add create-evil-tar.go and create-evil-zip.go

mholt · Oct 24, 2020 · 10fd729 · 10fd729
1 parent 7d5af0e
commit 10fd729
Show file tree

Hide file tree

Showing 2 changed files with 145 additions and 0 deletions.
diff --git a/testdata/create-evil-tar.go b/testdata/create-evil-tar.go
@@ -0,0 +1,71 @@
+package main
+
+import (
+	"archive/tar"
+	"log"
+	"os"
+	"time"
+)
+
+func main() {
+	// Create a buffer to write our archive to.
+	fw, err := os.Create("double-evil.tar")
+	if nil != err {
+		log.Fatal(err)
+		return
+	}
+
+	// Create a new tar archive.
+	w := tar.NewWriter(fw)
+
+	// Write the evil symlink, it points outside of the target directory
+	h := &tar.Header{
+		Name:     "bad/file.txt",
+		Typeflag: 2,
+		Linkname: "../../badfile.txt",
+		ModTime:  time.Now(),
+	}
+
+	err = w.WriteHeader(h)
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Write safe files to the archive.
+	var files = []struct {
+		Name, Body string
+	}{
+		{"goodfile.txt", "hello world"},
+		{"morefile.txt", "hello world"},
+		{"bad/file.txt", "Mwa-ha-ha"},
+	}
+	for _, file := range files {
+		h := &tar.Header{
+			Name:     file.Name,
+			Typeflag: 0,
+			Size:     int64(len(file.Body)),
+			ModTime:  time.Now(),
+		}
+		err := w.WriteHeader(h)
+		if err != nil {
+			log.Fatal(err)
+		}
+		_, err = w.Write([]byte(file.Body))
+
+		if err != nil {
+			log.Fatal(err)
+		}
+	}
+
+	// Close the in-memory archive so that it writes trailing data
+	err = w.Close()
+	if err != nil {
+		log.Fatal(err)
+	}
+	// close the on-disk archive so that it flushes all bytes
+	if err = fw.Close(); err != nil {
+		log.Fatal(err)
+		return
+	}
+}
diff --git a/testdata/create-evil-zip.go b/testdata/create-evil-zip.go
@@ -0,0 +1,74 @@
+package main
+
+import (
+	"archive/zip"
+	"log"
+	"os"
+	"time"
+)
+
+func main() {
+	// Create a buffer to write our archive to.
+	fw, err := os.Create("double-evil.zip")
+	if nil != err {
+		log.Fatal(err)
+		return
+	}
+
+	// Create a new zip archive.
+	w := zip.NewWriter(fw)
+
+	// Write the evil symlink
+	h := &zip.FileHeader{
+		Name:     "bad/file.txt",
+		Method:   zip.Deflate,
+		Modified: time.Now(),
+	}
+	h.SetMode(os.ModeSymlink)
+	header, err := w.CreateHeader(h)
+	if err != nil {
+		log.Fatal(err)
+	}
+	// The evil symlink points outside of the target directory
+	_, err = header.Write([]byte("../../badfile.txt"))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Write safe files to the archive.
+	var files = []struct {
+		Name, Body string
+	}{
+		{"goodfile.txt", "hello world"},
+		{"morefile.txt", "hello world"},
+		{"bad/file.txt", "Mwa-ha-ha"},
+	}
+	for _, file := range files {
+		h := &zip.FileHeader{
+			Name:     file.Name,
+			Method:   zip.Deflate,
+			Modified: time.Now(),
+		}
+
+		header, err := w.CreateHeader(h)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		_, err = header.Write([]byte(file.Body))
+		if err != nil {
+			log.Fatal(err)
+		}
+	}
+
+	// close the in-memory archive so that it writes trailing data
+	if err = w.Close(); err != nil {
+		log.Fatal(err)
+	}
+
+	// close the on-disk archive so that it flushes all bytes
+	if err = fw.Close(); err != nil {
+		log.Fatal(err)
+		return
+	}
+}