s434730/RandomSec
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Create dedicated temporary dir for zip slip test

Browse Source
This commit is contained in:
Antonin Delpeuch 2018-12-09 11:01:58 +09:00
parent e243e73e40
commit 79994e86da
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
main/tests/server/src/com/google/refine/tests/importing/ImportingUtilitiesTests.java
View File

@ -1,6 +1,8 @@
package com.google.refine.tests.importing;
import java.io.File;
import java.io.IOException;
import java.util.LinkedList;
import org.testng.Assert;
@ -14,6 +16,7 @@ import com.google.refine.importers.tree.TreeImportingParserBase;
import com.google.refine.importing.ImportingJob;
import com.google.refine.importing.ImportingUtilities;
import com.google.refine.tests.importers.ImporterTest;
import com.google.refine.tests.util.TestUtils;
import com.google.refine.util.JSONUtilities;
import com.google.refine.util.ParsingUtilities;
@ -37,9 +40,10 @@ public class ImportingUtilitiesTests extends ImporterTest {
}
@Test(expectedExceptions=IllegalArgumentException.class)
public void testZipSlip() {
public void testZipSlip() throws IOException {
File tempDir = TestUtils.createTempDirectory("openrefine-zip-slip-test");
// For CVE-2018-19859, issue #1840
ImportingUtilities.allocateFile(workspaceDir, "../../script.sh");
ImportingUtilities.allocateFile(tempDir, "../../tmp/script.sh");
}
private ObjectNode getNestedOptions(ImportingJob job, TreeImportingParserBase parser) {