diff --git a/library/fsl/tests/fsl_tests.pas b/library/fsl/tests/fsl_tests.pas index 1e5bc198f..fe5e99163 100644 --- a/library/fsl/tests/fsl_tests.pas +++ b/library/fsl/tests/fsl_tests.pas @@ -33,7 +33,8 @@ interface Uses - {$IFDEF WINDOWS} Windows, {$ENDIF} SysUtils, Classes, {$IFNDEF FPC}Soap.EncdDecd, System.NetEncoding, {$ENDIF} SyncObjs, zlib, + {$IFDEF WINDOWS} Windows, {$ENDIF} SysUtils, Classes, {$IFNDEF FPC}Soap.EncdDecd, System.NetEncoding, {$ENDIF} SyncObjs, + zlib, zstream, {$IFDEF FPC} FPCUnit, TestRegistry, RegExpr, {$ELSE} TestFramework, {$ENDIF} fsl_testing, IdGlobalProtocols, fsl_base, fsl_utilities, fsl_stream, fsl_threads, fsl_collections, fsl_fpc, fsl_versions, @@ -41,7 +42,7 @@ interface {$IFNDEF FPC} fsl_msxml, {$ENDIF} - fsl_json, fsl_turtle, fsl_comparisons; + fsl_json, fsl_turtle, fsl_comparisons, fsl_npm; Type TFslTestString = class (TFslObject) @@ -5264,39 +5265,44 @@ procedure TXmlUtilsTest.TestUnPretty; function TTarGZParserTests.load(filename : String) : TFslList; var + bs : TBytesStream; z : TZDecompressionStream; tar : TTarArchive; entry : TTarDirRec; - mem : TMemoryStream; + n : String; + b : TBytes; + bi : TBytesStream; item : TFslNameBuffer; - stream : TFileStream; -begin +begin result := TFslList.Create; try - stream := TFileStream.Create(filename, fmOpenRead); + bs := TBytesStream.create(readZLibHeader(TFileStream.create(filename, fmOpenRead))); try - z := TZDecompressionStream.Create(stream, false); // 15+16); + z := TZDecompressionStream.Create(bs, true); // 15+16); try tar := TTarArchive.Create(z); try + tar.Reset; while tar.FindNext(entry) do begin + n := String(entry.Name); + if (n.contains('..')) then + raise EFSLException.create('The package contains the file "'+n+'". Packages are not allowed to contain files with ".." in the name'); + bi := TBytesStream.Create; + try + tar.ReadFile(bi); + b := copy(bi.Bytes, 0, bi.size); + finally + bi.free; + end; item := TFslNameBuffer.Create; try - item.Name := String(entry.Name); - mem := TMemoryStream.Create; - try - tar.ReadFile(mem); - mem.position := 0; - item.loadFromStream(mem); - finally - mem.free; - end; + item.Name := n; + item.AsBytes := b; result.Add(item.link) finally item.free; end; - //break; end; finally tar.free; @@ -5305,8 +5311,8 @@ function TTarGZParserTests.load(filename : String) : TFslList; z.free; end; finally - stream.free; - end; + bs.free; + end; result.link; finally result.free; diff --git a/library/fsl/tests/fsl_tests_web.pas b/library/fsl/tests/fsl_tests_web.pas index 51775b188..096206a26 100644 --- a/library/fsl/tests/fsl_tests_web.pas +++ b/library/fsl/tests/fsl_tests_web.pas @@ -605,7 +605,6 @@ procedure TOpenSSLTests.testWebServer_110; begin assertTrue(TestSettings.SSLCertFile <> '', 'Must provide public key file for SSL test in '+TestSettings.filename+' ([ssl] cert=)'); assertTrue(TestSettings.SSLKeyFile <> '', 'Must provide private key file for SSL test in '+TestSettings.filename+' ([ssl] key=)'); - assertTrue(TestSettings.SSLPassword <> '', 'Must provide password for private key for SSL test in '+TestSettings.filename+' ([ssl] password=)'); assertTrue(TestSettings.SSLCAFile <> '', 'Must provide ca cert file for SSL test in '+TestSettings.filename+' ([ssl] cacert=)'); assertTrue(FileExists(TestSettings.SSLCertFile), 'SSL Certificate not found at '+TestSettings.SSLCertFile);