mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-17 19:35:27 +00:00
87ed0b2bb9
* chore: fix non-constant fmt string in call Signed-off-by: Dwi Siswanto <git@dw1.io> * build: bump all direct modules Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(hosterrorscache): update import path Signed-off-by: Dwi Siswanto <git@dw1.io> * fix(charts): break changes Signed-off-by: Dwi Siswanto <git@dw1.io> * build: pinned `github.com/zmap/zcrypto` to v0.0.0-20240512203510-0fef58d9a9db Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: golangci-lint auto fixes Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: satisfy lints Signed-off-by: Dwi Siswanto <git@dw1.io> * build: migrate `github.com/xanzy/go-gitlab` => `gitlab.com/gitlab-org/api/client-go` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(json): update build constraints Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: dont panicking on close err Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>
71 lines
1.4 KiB
Go
71 lines
1.4 KiB
Go
package installer
|
|
|
|
import (
|
|
"io/fs"
|
|
"os"
|
|
"path/filepath"
|
|
"runtime"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
var _ fs.FileInfo = &tempFileInfo{}
|
|
|
|
type tempFileInfo struct {
|
|
name string
|
|
}
|
|
|
|
func (t *tempFileInfo) Name() string {
|
|
return t.name
|
|
}
|
|
|
|
func (t *tempFileInfo) ModTime() time.Time {
|
|
return time.Now()
|
|
}
|
|
|
|
func (t *tempFileInfo) Mode() fs.FileMode {
|
|
return fs.ModePerm
|
|
}
|
|
|
|
func (t tempFileInfo) IsDir() bool {
|
|
return false
|
|
}
|
|
|
|
func (t *tempFileInfo) Size() int64 {
|
|
return 100
|
|
}
|
|
|
|
func (t *tempFileInfo) Sys() any {
|
|
return nil
|
|
}
|
|
|
|
func TestZipSlip(t *testing.T) {
|
|
if runtime.GOOS == "windows" {
|
|
t.Skip("Skipping Unix Zip LFI Check")
|
|
}
|
|
|
|
configuredTemplateDirectory := filepath.Join(os.TempDir(), "templates")
|
|
defer func() {
|
|
_ = os.RemoveAll(configuredTemplateDirectory)
|
|
}()
|
|
|
|
t.Run("negative scenarios", func(t *testing.T) {
|
|
filePathsFromZip := []string{
|
|
"./../nuclei-templates/../cve/test.yaml",
|
|
"nuclei-templates/../cve/test.yaml",
|
|
"nuclei-templates/././../cve/test.yaml",
|
|
"nuclei-templates/.././../cve/test.yaml",
|
|
"nuclei-templates/.././../cve/../test.yaml",
|
|
}
|
|
tm := TemplateManager{}
|
|
|
|
for _, filePathFromZip := range filePathsFromZip {
|
|
var tmp fs.FileInfo = &tempFileInfo{name: filePathFromZip}
|
|
writePath := tm.getAbsoluteFilePath(configuredTemplateDirectory, filePathFromZip, tmp)
|
|
require.Equal(t, "", writePath, filePathFromZip)
|
|
}
|
|
})
|
|
}
|