From a6bc33e41a050348b160c9efdf109a17790030e1 Mon Sep 17 00:00:00 2001
From: eranbrodet <eranbrodet@gmail.com>
Date: Wed, 7 Feb 2024 12:41:28 +0200
Subject: [PATCH] Allow skipping IsFolders check in
 DebArchiver.ExtractArchive()

Relevant for XRAY-13114
---
 archive_extractor/deb_archiver.go             |  14 +++++++-
 archive_extractor/deb_archiver_test.go        |  33 ++++++++++++++++++
 .../fixtures/testslashesinentrynames.deb      | Bin 0 -> 974 bytes
 3 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 archive_extractor/fixtures/testslashesinentrynames.deb

diff --git a/archive_extractor/deb_archiver.go b/archive_extractor/deb_archiver.go
index fdb6de4..4bee7d8 100644
--- a/archive_extractor/deb_archiver.go
+++ b/archive_extractor/deb_archiver.go
@@ -15,6 +15,8 @@ type DebArchiver struct {
 	MaxNumberOfEntries int
 }
 
+const DebArchiverSkipFoldersCheckParamsKey = "DebArchiverSkipFoldersCheckParamsKey"
+
 func (da DebArchiver) ExtractArchive(path string,
 	processingFunc func(*ArchiveHeader, map[string]interface{}) error, params map[string]interface{}) error {
 	maxBytesLimit, err := maxBytesLimit(path, da.MaxCompressRatio)
@@ -33,6 +35,7 @@ func (da DebArchiver) ExtractArchive(path string,
 	if rc == nil {
 		return errors.New(fmt.Sprintf("Failed to open deb file : %s", path))
 	}
+
 	entriesCount := 0
 	for {
 		if da.MaxNumberOfEntries != 0 && entriesCount > da.MaxNumberOfEntries {
@@ -49,7 +52,7 @@ func (da DebArchiver) ExtractArchive(path string,
 		if archiveEntry == nil {
 			return errors.New(fmt.Sprintf("Failed to open file : %s", path))
 		}
-		if !utils.IsFolder(archiveEntry.Name) {
+		if skipFolderCheck(params) || !utils.IsFolder(archiveEntry.Name) {
 			limitingReader := provider.CreateLimitAggregatingReadCloser(rc)
 			archiveHeader := NewArchiveHeader(limitingReader, archiveEntry.Name, archiveEntry.ModTime.Unix(), archiveEntry.Size)
 			err = processingFunc(archiveHeader, params)
@@ -60,3 +63,12 @@ func (da DebArchiver) ExtractArchive(path string,
 	}
 	return nil
 }
+
+func skipFolderCheck(params map[string]interface{}) bool {
+	value, found := params[DebArchiverSkipFoldersCheckParamsKey]
+	if !found {
+		return false
+	}
+	boolValue, ok := value.(bool)
+	return ok && boolValue
+}
diff --git a/archive_extractor/deb_archiver_test.go b/archive_extractor/deb_archiver_test.go
index cfb24c5..0417b6f 100644
--- a/archive_extractor/deb_archiver_test.go
+++ b/archive_extractor/deb_archiver_test.go
@@ -43,3 +43,36 @@ func TestDebArchiverMaxRatioNotReached(t *testing.T) {
 	err := za.ExtractArchive("./fixtures/test.deb", processingReadingFunc, params())
 	assert.NoError(t, err)
 }
+
+func TestDebArchiverSkipFoldersCheck(t *testing.T) {
+	za := &DebArchiver{
+		MaxCompressRatio:   1,
+		MaxNumberOfEntries: 3,
+	}
+	paramsMap := params()
+
+	var entries []string
+	processor := func(header *ArchiveHeader, params map[string]interface{}) error {
+		entries = append(entries, header.Name)
+		return nil
+	}
+
+	archivePath := "./fixtures/testslashesinentrynames.deb"
+
+	// Default behaviour, skip entries that look like folders
+	err := za.ExtractArchive(archivePath, processor, paramsMap)
+	assert.NoError(t, err)
+	assert.Equal(t, 0, len(entries))
+
+	// Explicitly skip entries that look like folders
+	paramsMap[DebArchiverSkipFoldersCheckParamsKey] = false
+	err = za.ExtractArchive(archivePath, processor, paramsMap)
+	assert.NoError(t, err)
+	assert.Equal(t, 0, len(entries))
+
+	// Don't skip entries that look like folders
+	paramsMap[DebArchiverSkipFoldersCheckParamsKey] = true
+	err = za.ExtractArchive(archivePath, processor, paramsMap)
+	assert.NoError(t, err)
+	assert.Equal(t, 3, len(entries))
+}
diff --git a/archive_extractor/fixtures/testslashesinentrynames.deb b/archive_extractor/fixtures/testslashesinentrynames.deb
new file mode 100644
index 0000000000000000000000000000000000000000..afb2a50b62655007967128f61508a19f73f53289
GIT binary patch
literal 974
zcmY$iNi0gvu;WTeP0CEn(@o0EODw9?S5PoeKmZ6ELYkSFfF&R#h?&4;q-VgDoS#=x
zl%Jzll31jdUZqb^zp*9Egaj`6ZVrYho1G~P%x|xp^*Ul8!0=$+XOYUr+*#W)uPZHj
z;OOWmu;+NnHtC$nla~Cm-CHQ`B6cJ=w7^ay^H!!>%8X|^(J>RZIK4Ucq~Olo&%4BY
zBTe^cUH;rAp6hn>Q}pRgmM$+f|8|Dd2cDa<`Qq-xgEH?~^IrWr{VQD8enq`@#ng*Q
z2W@MAJpa0X;w#5*7cO!ru3PrE=T0O4v73Ejl@p7LQble|XiEE?aCfrr`?Y2J7GH~0
zNRP|)Wf4uE@APEF>{&71$;rDESY@l9KYD4^7&S%u<_F=T%*z}3nO|I8Tj?7w`ov6k
zgZIir<>!i%r1R&Pe_Xmauc}^|z38FajI!N#k6D!V9Na9koU!PsTiV^MZ)sO&yKi_R
z)AT9r*7}Uts4vNW-v#&AeyDdj=caqerj50@=KB9R)7$^XPnY@qUtNRuK&j>_<qPgt
zYqgKMt%;7fzA3|8h-GQ<2c4Xy?91jR&94{s$zA$3v7q+e{v>C`76B&?RAT=#Ufs?4
z9~d+k7*Y~T65&w@j9Wsfz}UhZoEku>067--dov}<9RJ83+p=Kg&b%p~&h36)cjH2k
z^NXiX`A;2s8(_KE<6}wY$~#IOO$t&{S(g>1oL=}BY|zul;8R(#)LwD3Y75KR-HYtj
zKef!Od^hj=^!Crfw?FDKM&_;8otynTa)L_a!bM6QTfW8#{$NN<`EB1jVN&E3Zl1?S
z!uAV3*PqEcJAFa_KgLsw_Y2$onjN`!!p2;#s(1PyY?i)w-*W!%<(*S>jW4*@M;`q9
zzT@1#qdk!+pR2M$&DqKnzub!#arsj2a{b@RHT&{Xt`)JR=hP(ke?QQrQhReg*WACU
zom?#s*}qMX{qy->@@~0Fb9Q;{z9XzSZFg$(!`D9xQZ7Eyy(sivOiw5-tk>k(IeqC_
zVc$(>^?zI;`aLH!)bDDIqVBW3AFnR{x$t`R_FtcD{ux}Vv6>a5cKPaDFP+M=nyR3A
zoae&6onpWJbm`QGwO+z|LKYYGY6W^L>h*~TFK(Z0U(3OO4C;?ad+rhv21Oqi00Ld4
Ab^rhX

literal 0
HcmV?d00001