From 10fd729aaf55d422ea672538fa98c2914d0bea45 Mon Sep 17 00:00:00 2001
From: kross9924
Date: Sat, 24 Oct 2020 15:34:07 +0000
Subject: [PATCH] Add create-evil-tar.go and create-evil-zip.go
---
 testdata/create-evil-tar.go | 71 +++++++++++++++++++++++++++++++++++
 testdata/create-evil-zip.go | 74 +++++++++++++++++++++++++++++++++++++
 2 files changed, 145 insertions(+)
 create mode 100644 testdata/create-evil-tar.go
 create mode 100644 testdata/create-evil-zip.go
diff --git a/testdata/create-evil-tar.go b/testdata/create-evil-tar.go
new file mode 100644
index 00000000..142329a2
--- /dev/null
+++ b/testdata/create-evil-tar.go
@@ -0,0 +1,71 @@
+package main
+
+import (
+ "archive/tar"
+ "log"
+ "os"
+ "time"
+)
+
+func main() {
+ // Create a buffer to write our archive to.
+ fw, err := os.Create("double-evil.tar")
+ if nil != err {
+ log.Fatal(err)
+ return
+ }
+
+ // Create a new tar archive.
+ w := tar.NewWriter(fw)
+
+ // Write the evil symlink, it points outside of the target directory
+ h := &tar.Header{
+ Name: "bad/file.txt",
+ Typeflag: 2,
+ Linkname: "../../badfile.txt",
+ ModTime: time.Now(),
+ }
+
+ err = w.WriteHeader(h)
+
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ // Write safe files to the archive.
+ var files = []struct {
+ Name, Body string
+ }{
+ {"goodfile.txt", "hello world"},
+ {"morefile.txt", "hello world"},
+ {"bad/file.txt", "Mwa-ha-ha"},
+ }
+ for _, file := range files {
+ h := &tar.Header{
+ Name: file.Name,
+ Typeflag: 0,
+ Size: int64(len(file.Body)),
+ ModTime: time.Now(),
+ }
+ err := w.WriteHeader(h)
+ if err != nil {
+ log.Fatal(err)
+ }
+ _, err = w.Write([]byte(file.Body))
+
+ if err != nil {
+ log.Fatal(err)
+ }
+ }
+
+ // Close the in-memory archive so that it writes trailing data
+ err = w.Close()
+ if err != nil {
+ log.Fatal(err)
+ }
+ // close the on-disk archive so that it flushes all bytes
+ if err = fw.Close(); err != nil {
+ log.Fatal(err)
+ return
+ }
+}
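Review bot: `Typeflag: 2` in the symlink header of create-evil-tar.go stores the raw byte 0x02, not the character `'2'` that archive/tar defines as `tar.TypeSymlink`, so the entry goes out with an unknown type flag and an extractor that dispatches on `hdr.Typeflag == tar.TypeSymlink` will treat it as an ordinary entry rather than a link; the fixture then no longer exercises the link-escape handling it exists to test. Use the named constants: `Typeflag: tar.TypeSymlink,` for the link entry and `Typeflag: tar.TypeReg,` for the regular files (`0` is the deprecated `TypeRegA`). The `return` after `log.Fatal(err)` in the `os.Create` and `fw.Close` checks is unreachable because log.Fatal exits the process; the same pattern appears in create-evil-zip.go. If the generated double-evil.tar is checked in separately, regenerate it after the fix so the committed fixture matches the generator.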
diff --git a/testdata/create-evil-zip.go b/testdata/create-evil-zip.go
new file mode 100644
index 00000000..972fdb11
--- /dev/null
+++ b/testdata/create-evil-zip.go
@@ -0,0 +1,74 @@
+package main
+
+import (
+ "archive/zip"
+ "log"
+ "os"
+ "time"
+)
+
+func main() {
+ // Create a buffer to write our archive to.
+ fw, err := os.Create("double-evil.zip")
+ if nil != err {
+ log.Fatal(err)
+ return
+ }
+
+ // Create a new zip archive.
+ w := zip.NewWriter(fw)
+
+ // Write the evil symlink
+ h := &zip.FileHeader{
+ Name: "bad/file.txt",
+ Method: zip.Deflate,
+ Modified: time.Now(),
+ }
+ h.SetMode(os.ModeSymlink)
+ header, err := w.CreateHeader(h)
+ if err != nil {
+ log.Fatal(err)
+ }
+ // The evil symlink points outside of the target directory
+ _, err = header.Write([]byte("../../badfile.txt"))
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ // Write safe files to the archive.
+ var files = []struct {
+ Name, Body string
+ }{
+ {"goodfile.txt", "hello world"},
+ {"morefile.txt", "hello world"},
+ {"bad/file.txt", "Mwa-ha-ha"},
+ }
+ for _, file := range files {
+ h := &zip.FileHeader{
+ Name: file.Name,
+ Method: zip.Deflate,
+ Modified: time.Now(),
+ }
+
+ header, err := w.CreateHeader(h)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ _, err = header.Write([]byte(file.Body))
+ if err != nil {
+ log.Fatal(err)
+ }
+ }
+
+ // close the in-memory archive so that it writes trailing data
+ if err = w.Close(); err != nil {
+ log.Fatal(err)
+ }
+
+ // close the on-disk archive so that it flushes all bytes
+ if err = fw.Close(); err != nil {
+ log.Fatal(err)
+ return
+ }
+}
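Review bot: create-evil-zip.go has no file comment saying what double-evil.zip is for or how to regenerate it, and as a second `package main` with its own `main` in the same testdata directory it only coexists with create-evil-tar.go because the go tool skips `testdata`. A header comment such as `// create-evil-zip.go writes double-evil.zip, a fixture whose bad/file.txt symlink targets a path outside the extraction directory.` followed by `// Regenerate with: go run testdata/create-evil-zip.go`, plus a `//go:build ignore` constraint above the package clause, would make the intent explicit and stop editors and linters from reporting the duplicate main. The symlink entry is created with `h.SetMode(os.ModeSymlink)` and no permission bits, so the stored Unix mode has an empty permission field; if the consuming test inspects permissions rather than only the symlink flag, `h.SetMode(os.ModeSymlink | 0777)` would make the entry look like a conventional symlink, which is worth confirming against that test.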