Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

jar: skip corrupt jar files #1049

Merged
merged 1 commit into from
Sep 7, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 17 additions & 6 deletions java/jar/jar.go
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,8 @@
goto Finish
case errors.Is(err, errUnpopulated):
case strings.HasPrefix(base, "javax") && errors.Is(err, ErrNotAJar):
case errors.Is(err, ErrNotAJar):
return nil, err

Check warning on line 94 in java/jar/jar.go

View check run for this annotation

Codecov / codecov/patch

java/jar/jar.go#L93-L94

Added lines #L93 - L94 were not covered by tests
default:
return nil, mkErr(name, err)
}
Expand All @@ -103,6 +105,8 @@
goto Finish
case errors.Is(err, errUnpopulated) || errors.Is(err, errInsaneManifest):
case strings.HasPrefix(base, "javax") && errors.Is(err, ErrNotAJar):
case errors.Is(err, ErrNotAJar):
return nil, err
default:
return nil, mkErr(name, err)
}
Expand Down Expand Up @@ -146,7 +150,7 @@
mf, err := z.Open(manifestPath)
switch {
case errors.Is(err, nil):
case errors.Is(err, fs.ErrNotExist):
case errors.Is(err, fs.ErrNotExist), errors.Is(err, zip.ErrFormat):
return Info{}, mkErr("manifest", notAJar(name, err))
default:
return Info{}, err
Expand All @@ -165,10 +169,13 @@
func extractProperties(ctx context.Context, name string, z *zip.Reader) ([]Info, error) {
const filename = "pom.properties"
mf, err := z.Open(`META-INF`)
if err != nil {
if errors.Is(err, fs.ErrNotExist) {
return nil, mkErr("properties", notAJar(name, err))
}
switch {
case errors.Is(err, nil):
case errors.Is(err, fs.ErrNotExist),
errors.Is(err, zip.ErrFormat),
errors.Is(err, zip.ErrChecksum):
return nil, mkErr("properties", notAJar(name, err))
default:

Check warning on line 178 in java/jar/jar.go

View check run for this annotation

Codecov / codecov/patch

java/jar/jar.go#L178

Added line #L178 was not covered by tests
return nil, mkErr("properties", err)
}
mf.Close()
Expand All @@ -193,7 +200,11 @@
ret := make([]Info, len(pf))
for i, p := range pf {
f, err := z.Open(p)
if err != nil {
switch {
case errors.Is(err, nil):
case errors.Is(err, zip.ErrFormat), errors.Is(err, zip.ErrChecksum):
return nil, mkErr("properties", notAJar(name, err))
default:

Check warning on line 207 in java/jar/jar.go

View check run for this annotation

Codecov / codecov/patch

java/jar/jar.go#L205-L207

Added lines #L205 - L207 were not covered by tests
return nil, err
}
err = ret[i].parseProperties(ctx, f)
Expand Down
94 changes: 94 additions & 0 deletions java/jar/jar_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -259,6 +259,100 @@ func TestJARBadManifest(t *testing.T) {
}
}

// TestMalformed creates a malformed zip, then makes sure the package handles it
// gracefully.
func TestMalformed(t *testing.T) {
const (
jarName = `malformed_zip.jar`
manifest = `testdata/malformed_zip.MF`
)
t.Parallel()
ctx := zlog.Test(context.Background(), t)
dir := integration.PackageCacheDir(t)
fn := filepath.Join(dir, jarName)
Open:
f, err := os.Open(fn)
switch {
case errors.Is(err, nil):
case errors.Is(err, os.ErrNotExist):
// Create the jar-like.
mk, err := os.Create(fn)
if err != nil {
t.Fatal(err)
}
defer func() {
if err := mk.Close(); err != nil {
t.Logf("non-failing error: %v", err)
}
if t.Failed() {
if err := os.Remove(fn); err != nil {
t.Error(err)
}
}
}()
w := zip.NewWriter(mk)
if _, err := w.Create(`META-INF/`); err != nil {
t.Fatal(err)
}
fw, err := w.Create(`META-INF/MANIFEST.MF`)
if err != nil {
t.Fatal(err)
}
mf, err := os.ReadFile(manifest)
if err != nil {
t.Fatal(err)
}
if _, err := io.Copy(fw, bytes.NewReader(mf)); err != nil {
t.Fatal(err)
}
if err := w.Close(); err != nil {
t.Fatal(err)
}

// Then, corrupt it.
// Seek to the central directory footer:
pos, err := mk.Seek(-0x16+0x10 /* sizeof(footer) + offset(dir_offset)*/, io.SeekEnd)
if err != nil {
t.Fatal(err)
}
b := make([]byte, 4)
if _, err := io.ReadFull(mk, b); err != nil {
t.Fatal(err)
}
// Offset everything so the reader slowly descends into madness.
b[0] -= 7
if _, err := mk.WriteAt(b, pos); err != nil {
t.Fatal(err)
}

if err := mk.Sync(); err != nil {
t.Error(err)
}
goto Open
default:
t.Fatal(err)
}
defer f.Close()
fi, err := f.Stat()
if err != nil {
t.Fatal(err)
}
z, err := zip.NewReader(f, fi.Size())
if err != nil {
t.Fatal(err)
}
infos, err := Parse(ctx, jarName, z)
crozzy marked this conversation as resolved.
Show resolved Hide resolved
t.Logf("returned error: %v", err)
switch {
case errors.Is(err, ErrNotAJar):
default:
t.Fail()
}
if len(infos) != 0 {
t.Errorf("returned infos: %#v", infos)
}
}

func TestManifestSectionReader(t *testing.T) {
var ms []string
d := os.DirFS("testdata")
Expand Down
5 changes: 5 additions & 0 deletions java/jar/testdata/malformed_zip.MF
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Manifest-Version: 1.0
Created-By: 666 (claircore testing)

Name: foo
Other-Key: blah
Loading