detect permissions for addFile #293

Merged
merged 1 commit into from Jul 16, 2023
20 changes: 18 additions & 2 deletions src/main/java/org/codehaus/plexus/archiver/AbstractArchiver.java
Expand Up @@ -40,6 +40,7 @@

import org.codehaus.plexus.archiver.manager.ArchiverManager;
import org.codehaus.plexus.archiver.manager.NoSuchArchiverException;
import org.codehaus.plexus.components.io.attributes.PlexusIoResourceAttributeUtils;
import org.codehaus.plexus.components.io.attributes.PlexusIoResourceAttributes;
import org.codehaus.plexus.components.io.attributes.SimpleResourceAttributes;
import org.codehaus.plexus.components.io.functions.ResourceAttributeSupplier;
Expand Down Expand Up @@ -364,9 +365,20 @@ public void addFileSet(@Nonnull final FileSet fileSet) throws ArchiverException

@Override
public void addFile(@Nonnull final File inputFile, @Nonnull final String destFileName) throws ArchiverException {
final int fileMode = getOverrideFileMode();
int permissions;
if (forcedFileMode > 0) {
permissions = forcedFileMode;
} else {
permissions = PlexusIoResourceAttributes.UNKNOWN_OCTAL_MODE;
try {
permissions = PlexusIoResourceAttributeUtils.getFileAttributes(inputFile)
.getOctalMode();
} catch (IOException ioe) {
// ignore
}
}

addFile(inputFile, destFileName, fileMode);
addFile(inputFile, destFileName, permissions);
}

@Override
Expand Down Expand Up @@ -462,6 +474,10 @@ public void addFile(@Nonnull final File inputFile, @Nonnull String destFileName,
permissions = getOverrideFileMode();
}

if (umask > 0 && permissions != PlexusIoResourceAttributes.UNKNOWN_OCTAL_MODE) {
permissions &= ~umask;
}

try {
// do a null check here, to avoid creating a file stream if there are no filters...
ArchiveEntry entry = ArchiveEntry.createFileEntry(destFileName, inputFile, permissions, getDirectoryMode());
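Review bot: The `catch (IOException ioe) { // ignore }` in the two-argument `addFile` silently discards a failure to read the input file's attributes, leaving `permissions` at `PlexusIoResourceAttributes.UNKNOWN_OCTAL_MODE`. Whether the umask added in the three-argument overload still applies in that case depends on the fallback assignment `permissions = getOverrideFileMode();`, whose condition lies outside the visible hunk. I would replace `// ignore` with a comment that states the intended fallback, for example `// attributes unreadable: keep UNKNOWN_OCTAL_MODE and let addFile(File, String, int) choose the fallback mode`. Consider also logging the exception at debug level so that an unexpected mode in a produced archive can be traced back to this path. Both method bodies continue outside the hunks shown.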
Expand Up @@ -14,6 +14,7 @@
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;

import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
import org.codehaus.plexus.archiver.ArchiverException;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;
Expand Down Expand Up @@ -123,14 +124,16 @@ private void createReproducibleBuild(String timeZoneId) throws IOException, Mani

JarArchiver archiver = getJarArchiver();
archiver.setDestFile(jarFile.toFile());
archiver.addConfiguredManifest(manifest);
archiver.addDirectory(new File("src/test/resources/java-classes"));

SimpleDateFormat isoFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssXXX");
long parsedTime = isoFormat.parse("2038-01-19T03:14:08Z").getTime();
FileTime lastModTime = FileTime.fromMillis(parsedTime);

archiver.configureReproducibleBuild(lastModTime);

archiver.addConfiguredManifest(manifest);
archiver.addDirectory(new File("src/test/resources/java-classes"));

archiver.createArchive();

// zip 2 seconds precision, normalized to UTC
Expand All @@ -148,6 +151,45 @@ private void createReproducibleBuild(String timeZoneId) throws IOException, Mani
}
}

/**
* Check group not writable for reproducible archive.
*
* @throws IOException
* @throws ParseException
*/
@Test
public void testReproducibleUmask() throws IOException, ParseException {
Path jarFile = Files.createTempFile(tempDir, "JarArchiverTest-umask", ".jar");

JarArchiver archiver = getJarArchiver();
archiver.setDestFile(jarFile.toFile());

SimpleDateFormat isoFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssXXX");
long parsedTime = isoFormat.parse("2038-01-19T03:14:08Z").getTime();
FileTime lastModTime = FileTime.fromMillis(parsedTime);

archiver.configureReproducibleBuild(lastModTime);

archiver.addDirectory(new File("src/test/resources/java-classes"));
archiver.addFile(new File("src/test/resources/world-writable/foo.txt"), "addFile.txt");

archiver.createArchive();

try (org.apache.commons.compress.archivers.zip.ZipFile zip =
new org.apache.commons.compress.archivers.zip.ZipFile(jarFile.toFile())) {
Enumeration<? extends ZipArchiveEntry> entries = zip.getEntries();
while (entries.hasMoreElements()) {
ZipArchiveEntry entry = entries.nextElement();
int mode = entry.getUnixMode();
assertEquals(
0,
mode & 0_020,
entry.getName() + " group should not be writable in reproducible mode: "
+ Integer.toOctalString(mode));
}
}
}

@Override
protected JarArchiver getJarArchiver() {
return new JarArchiver();
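Review bot: `testReproducibleUmask` can pass without exercising the umask, because it never establishes that `src/test/resources/world-writable/foo.txt` is actually group- or world-writable on disk. Git records only the executable bit, so the fixture's mode after checkout follows the umask of the developer or CI machine. Setting the mode in the test before the `addFile` call (for example with `Files.setPosixFilePermissions`, skipped on non-POSIX file systems) would make the precondition explicit. The assertion also checks only `mode & 0_020`; if reproducible mode is meant to clear the world-writable bit as well, which the fixture name suggests but the page does not show, `mode & 0_022` would cover both.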