From 4c5c6e808c87406240867581b8bb601100b1ab76 Mon Sep 17 00:00:00 2001 From: Guido Draheim Date: Mon, 5 Feb 2018 10:29:14 +0100 Subject: [PATCH] reorganize testcases for CVEs --- test/zziptests.py | 1567 +++++++++++++++------------------------------ 1 file changed, 522 insertions(+), 1045 deletions(-) diff --git a/test/zziptests.py b/test/zziptests.py index 802246f..f409da9 100644 --- a/test/zziptests.py +++ b/test/zziptests.py @@ -1287,6 +1287,14 @@ class ZZipTest(unittest.TestCase): self.assertIn(" didn't find end-of-central-dir signature at end of central dir", run.errors) self.assertIn(" 2 extra bytes at beginning or within zipfile", run.errors) self.assertLess(len(run.output), 280) + # + run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), + returncodes = [2]) + self.assertLess(len(run.output), 90) + self.assertLess(len(errors(run.errors)), 900) + self.assertIn('test: mismatching "local" filename', run.errors) + self.assertIn('test: unknown compression method', run.errors) + self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) self.rm_testdir() def test_59771_zzipdir_big_CVE_2017_5977(self): """ run info-zip -l $(CVE_2017_5977).zip """ @@ -1300,6 +1308,12 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" stored test", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 1) + self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) self.rm_testdir() def test_59772_zzipdir_mem_CVE_2017_5977(self): """ run unzzip-mem -l $(CVE_2017_5977).zip """ @@ -1313,6 +1327,11 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" 3 test", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.rm_testdir() def test_59773_zzipdir_mix_CVE_2017_5977(self): """ run unzzip-mix -l $(CVE_2017_5977).zip """ @@ -1326,6 +1345,12 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" 3 test", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 1) + self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) self.rm_testdir() def test_59774_zzipdir_zap_CVE_2017_5977(self): """ run unzzip -l $(CVE_2017_5977).zip """ @@ -1339,67 +1364,7 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" 3 test", run.output) - self.rm_testdir() - def test_59775_zipext_info_CVE_2017_5977(self): - """ run info' unzip $(CVE_2017_5977).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5977 - file_url = self.url_CVE_2017_5977 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") - run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), - returncodes = [2]) - self.assertLess(len(run.output), 90) - self.assertLess(len(errors(run.errors)), 900) - self.assertIn('test: mismatching "local" filename', run.errors) - self.assertIn('test: unknown compression method', run.errors) - self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) - self.rm_testdir() - def test_59776_zzipext_big_CVE_2017_5977(self): - """ run unzzip-big $(CVE_2017_5977).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5977 - file_url = self.url_CVE_2017_5977 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 1) - self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) - self.rm_testdir() - def test_59777_zzipext_mem_CVE_2017_5977(self): - """ run unzzip-mem $(CVE_2017_5977).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5977 - file_url = self.url_CVE_2017_5977 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.rm_testdir() - def test_59778_zzipext_mix_CVE_2017_5977(self): - """ run unzzip-mix $(CVE_2017_5977).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5977 - file_url = self.url_CVE_2017_5977 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 1) - self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) - self.rm_testdir() - def test_59779_zzipext_zap_CVE_2017_5977(self): - """ run unzzip $(CVE_2017_5977).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5977 - file_url = self.url_CVE_2017_5977 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -1407,7 +1372,6 @@ class ZZipTest(unittest.TestCase): self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) # TODO self.rm_testdir() - url_CVE_2017_5978 = "https://raw.githubusercontent.com/asarubbo/poc/master/" zip_CVE_2017_5978 = "00156-zziplib-oobread-zzip_mem_entry_new" def test_59780_infozipdir_CVE_2017_5978(self): @@ -1423,6 +1387,13 @@ class ZZipTest(unittest.TestCase): self.assertIn(' attempt to seek before beginning of zipfile', run.errors) self.assertLess(len(run.output), 80) self.assertLess(len(errors(run.errors)), 430) + # + run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), + returncodes = [3]) + self.assertLess(len(run.output), 90) + self.assertLess(len(errors(run.errors)), 900) + self.assertIn('attempt to seek before beginning of zipfile', run.errors) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() def test_59781_zzipdir_big_CVE_2017_5978(self): """ run info-zip -l $(CVE_2017_5978).zip """ @@ -1436,6 +1407,13 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" stored (null)", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0,1]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 1) + self.assertFalse(os.path.exists(tmpdir+"/test")) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) self.rm_testdir() def test_59782_zzipdir_mem_CVE_2017_5978(self): """ run unzzip-mem -l $(CVE_2017_5978).zip """ @@ -1450,6 +1428,14 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(errors(run.errors)), 180) self.assertIn("zzip_mem_disk_load : unable to load entry", run.errors) self.assertIn("zzip_mem_disk_open : unable to load disk", run.errors) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 300) + self.assertIn("..(nil)", run.errors) + self.assertFalse(os.path.exists(tmpdir+"/test")) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) self.rm_testdir() def test_59783_zzipdir_mix_CVE_2017_5978(self): """ run unzzip-mix -l $(CVE_2017_5978).zip """ @@ -1463,6 +1449,15 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 180) self.assertTrue(greps(run.errors, "Invalid or")) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0,2]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 300) + self.assertTrue(greps(run.errors, "Invalid or")) + # self.assertIn("..(nil)", run.errors) + self.assertFalse(os.path.exists(tmpdir+"/test")) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) self.rm_testdir() def test_59784_zzipdir_zap_CVE_2017_5978(self): """ run unzzip -l $(CVE_2017_5978).zip """ @@ -1475,72 +1470,7 @@ class ZZipTest(unittest.TestCase): returncodes = [3]) self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 180) - self.rm_testdir() - def test_59785_zipext_info_CVE_2017_5978(self): - """ run info' unzip $(CVE_2017_5978).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5978 - file_url = self.url_CVE_2017_5978 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") - run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), - returncodes = [3]) - self.assertLess(len(run.output), 90) - self.assertLess(len(errors(run.errors)), 900) - self.assertIn('attempt to seek before beginning of zipfile', run.errors) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_59786_zzipext_big_CVE_2017_5978(self): - """ run unzzip-big $(CVE_2017_5978).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5978 - file_url = self.url_CVE_2017_5978 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0,1]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 1) - self.assertFalse(os.path.exists(tmpdir+"/test")) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) - self.rm_testdir() - def test_59787_zzipext_mem_CVE_2017_5978(self): - """ run unzzip-mem $(CVE_2017_5978).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5978 - file_url = self.url_CVE_2017_5978 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 300) - self.assertIn("..(nil)", run.errors) - self.assertFalse(os.path.exists(tmpdir+"/test")) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) - self.rm_testdir() - def test_59788_zzipext_mix_CVE_2017_5978(self): - """ run unzzip-mix $(CVE_2017_5978).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5978 - file_url = self.url_CVE_2017_5978 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 300) - self.assertIn("..(nil)", run.errors) - self.assertFalse(os.path.exists(tmpdir+"/test")) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) - self.rm_testdir() - def test_59789_zzipext_zap_CVE_2017_5978(self): - """ run unzzip $(CVE_2017_5978).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5978 - file_url = self.url_CVE_2017_5978 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0,3]) self.assertLess(len(run.output), 30) @@ -1564,6 +1494,13 @@ class ZZipTest(unittest.TestCase): self.assertIn(' 1 file', run.output) self.assertLess(len(run.output), 330) self.assertLess(len(errors(run.errors)), 1) + # + run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 90) + self.assertLess(len(errors(run.errors)), 1) + self.assertIn('extracting: a', run.output) + self.assertEqual(os.path.getsize(tmpdir+"/a"), 3) self.rm_testdir() def test_59791_zzipdir_big_CVE_2017_5979(self): """ run info-zip -l $(CVE_2017_5979).zip """ @@ -1577,6 +1514,12 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" stored a", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 1) + self.assertEqual(os.path.getsize(tmpdir+"/a"), 3) self.rm_testdir() def test_59792_zzipdir_mem_CVE_2017_5979(self): """ run unzzip-mem -l $(CVE_2017_5979).zip """ @@ -1590,6 +1533,11 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" 3 a", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertEqual(os.path.getsize(tmpdir+"/a"), 3) self.rm_testdir() def test_59793_zzipdir_mix_CVE_2017_5979(self): """ run unzzip-mix -l $(CVE_2017_5979).zip """ @@ -1603,6 +1551,13 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" 3 a", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 20) + self.assertEqual(os.path.getsize(tmpdir+"/a"), 0) # FIXME + # self.assertEqual(os.path.getsize(tmpdir+"/a"), 3) # FIXME self.rm_testdir() def test_59794_zzipdir_zap_CVE_2017_5979(self): """ run unzzip -l $(CVE_2017_5979).zip """ @@ -1616,67 +1571,7 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" 3 a", run.output) - self.rm_testdir() - def test_59795_zipext_info_CVE_2017_5979(self): - """ run info' unzip $(CVE_2017_5979).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5979 - file_url = self.url_CVE_2017_5979 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") - run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 90) - self.assertLess(len(errors(run.errors)), 1) - self.assertIn('extracting: a', run.output) - self.assertEqual(os.path.getsize(tmpdir+"/a"), 3) - self.rm_testdir() - def test_59796_zzipext_big_CVE_2017_5979(self): - """ run unzzip-big $(CVE_2017_5979).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5979 - file_url = self.url_CVE_2017_5979 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 1) - self.assertEqual(os.path.getsize(tmpdir+"/a"), 3) - self.rm_testdir() - def test_59797_zzipext_mem_CVE_2017_5979(self): - """ run unzzip-mem $(CVE_2017_5979).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5979 - file_url = self.url_CVE_2017_5979 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertEqual(os.path.getsize(tmpdir+"/a"), 3) - self.rm_testdir() - def test_59798_zzipext_mix_CVE_2017_5979(self): - """ run unzzip-mix $(CVE_2017_5979).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5979 - file_url = self.url_CVE_2017_5979 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 20) - self.assertEqual(os.path.getsize(tmpdir+"/a"), 0) # FIXME - # self.assertEqual(os.path.getsize(tmpdir+"/a"), 3) # FIXME - self.rm_testdir() - def test_59799_zzipext_zap_CVE_2017_5979(self): - """ run unzzip-mix $(CVE_2017_5979).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5979 - file_url = self.url_CVE_2017_5979 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -1699,6 +1594,13 @@ class ZZipTest(unittest.TestCase): self.assertIn(' 1 file', run.output) self.assertLess(len(run.output), 330) self.assertLess(len(errors(run.errors)), 1) + # + run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 90) + self.assertLess(len(errors(run.errors)), 1) + self.assertIn(" extracting: test", run.output) + self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.rm_testdir() def test_59741_zzipdir_big_CVE_2017_5974(self): """ run unzzip-big -l $(CVE_2017_5974).zip """ @@ -1712,6 +1614,12 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" stored test", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 1) + self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.rm_testdir() def test_59742_zzipdir_mem_CVE_2017_5974(self): """ run unzzip-mem -l $(CVE_2017_5974).zip """ @@ -1725,7 +1633,12 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" 3 test", run.output) - self.rm_testdir() + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.rm_testdir() def test_59743_zzipdir_mix_CVE_2017_5974(self): """ run unzzip-mix -l $(CVE_2017_5974).zip """ tmpdir = self.testdir() @@ -1738,6 +1651,13 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" 3 test", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 1) + self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) # FIXME + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) # FIXME self.rm_testdir() def test_59744_zzipdir_zap_CVE_2017_5974(self): """ run unzzip -l $(CVE_2017_5974).zip """ @@ -1751,67 +1671,7 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" 3 test", run.output) - self.rm_testdir() - def test_59745_zzipext_zip_CVE_2017_5974(self): - """ run info' unzip $(CVE_2017_5974).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5974 - file_url = self.url_CVE_2017_5974 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") - run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 90) - self.assertLess(len(errors(run.errors)), 1) - self.assertIn(" extracting: test", run.output) - self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.rm_testdir() - def test_59746_zzipext_big_CVE_2017_5974(self): - """ run unzzip-big $(CVE_2017_5974).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5974 - file_url = self.url_CVE_2017_5974 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 1) - self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.rm_testdir() - def test_59747_zzipext_mem_CVE_2017_5974(self): - """ run unzzip-mem $(CVE_2017_5974).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5974 - file_url = self.url_CVE_2017_5974 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.rm_testdir() - def test_59748_zzipext_mix_CVE_2017_5974(self): - """ run unzzip-mix $(CVE_2017_5974).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5974 - file_url = self.url_CVE_2017_5974 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 1) - self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) # FIXME - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) # FIXME - self.rm_testdir() - def test_59749_zzipext_zap_CVE_2017_5974(self): - """ run unzzip $(CVE_2017_5974).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5974 - file_url = self.url_CVE_2017_5974 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -1835,6 +1695,14 @@ class ZZipTest(unittest.TestCase): self.assertIn(' 1 file', run.output) self.assertLess(len(run.output), 330) self.assertLess(len(errors(run.errors)), 430) + # + run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), + returncodes = [2]) + self.assertLess(len(run.output), 90) + self.assertLess(len(errors(run.errors)), 900) + self.assertIn('file #1: bad zipfile offset (local header sig): 127', run.errors) + #self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() def test_59751_zzipdir_big_CVE_2017_5975(self): """ run info-zip -l $(CVE_2017_5975).zip """ @@ -1848,6 +1716,12 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" stored test", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 1) + self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) # TODO self.rm_testdir() def test_59752_zzipdir_mem_CVE_2017_5975(self): """ run unzzip-mem -l $(CVE_2017_5975).zip """ @@ -1862,6 +1736,13 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(errors(run.errors)), 180) self.assertIn("zzip_mem_disk_load : unable to load entry", run.errors) self.assertIn("zzip_mem_disk_open : unable to load disk", run.errors) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 200) + self.assertIn("..(nil)", run.errors) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() def test_59753_zzipdir_mix_CVE_2017_5975(self): """ run unzzip-mix -l $(CVE_2017_5975).zip """ @@ -1875,6 +1756,13 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 180) self.assertTrue(greps(run.errors, "Invalid or")) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0,2]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 200) + self.assertTrue(greps(run.errors, "Invalid or")) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() def test_59754_zzipdir_zap_CVE_2017_5975(self): """ run unzzip -l $(CVE_2017_5975).zip """ @@ -1888,70 +1776,7 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 180) self.assertIn(": Success", run.errors) - self.rm_testdir() - def test_59755_zipext_info_CVE_2017_5975(self): - """ run info' unzip $(CVE_2017_5975).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5975 - file_url = self.url_CVE_2017_5975 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") - run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), - returncodes = [2]) - self.assertLess(len(run.output), 90) - self.assertLess(len(errors(run.errors)), 900) - self.assertIn('file #1: bad zipfile offset (local header sig): 127', run.errors) - #self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_59756_zzipext_big_CVE_2017_5975(self): - """ run unzzip-big $(CVE_2017_5975).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5975 - file_url = self.url_CVE_2017_5975 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 1) - self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) # TODO - self.rm_testdir() - def test_59757_zzipext_mem_CVE_2017_5975(self): - """ run unzzip-mem $(CVE_2017_5975).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5975 - file_url = self.url_CVE_2017_5975 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 200) - self.assertIn("..(nil)", run.errors) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_59758_zzipext_mix_CVE_2017_5975(self): - """ run unzzip-mix $(CVE_2017_5975).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5975 - file_url = self.url_CVE_2017_5975 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0,2]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 200) - self.assertTrue(greps(run.errors, "Invalid or")) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_59759_zzipext_zap_CVE_2017_5975(self): - """ run unzzip $(CVE_2017_5975).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5975 - file_url = self.url_CVE_2017_5975 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0,3]) self.assertLess(len(run.output), 30) @@ -1977,6 +1802,15 @@ class ZZipTest(unittest.TestCase): self.assertIn(' 1 file', run.output) self.assertLess(len(run.output), 330) self.assertLess(len(errors(run.errors)), 500) + # + run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), + returncodes = [2]) + self.assertLess(len(run.output), 190) + self.assertLess(len(errors(run.errors)), 900) + self.assertIn("extracting: test", run.output) + self.assertIn('-27 bytes too long', run.errors) + self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + # self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() def test_59761_zzipdir_big_CVE_2017_5976(self): """ run info-zip -l $(CVE_2017_5976).zip """ @@ -1990,6 +1824,12 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" stored test", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 1) + self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.rm_testdir() def test_59762_zzipdir_mem_CVE_2017_5976(self): """ run unzzip-mem -l $(CVE_2017_5976).zip """ @@ -2003,6 +1843,12 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn("3 test", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 30) # TODO + self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.rm_testdir() def test_59763_zzipdir_mix_CVE_2017_5976(self): """ run unzzip-mix -l $(CVE_2017_5976).zip """ @@ -2016,6 +1862,13 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn("3 test", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 30) + self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) # FIXME + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) # FIXME self.rm_testdir() def test_59764_zzipdir_zap_CVE_2017_5976(self): """ run unzzip -l $(CVE_2017_5976).zip """ @@ -2029,70 +1882,7 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn("3 test", run.output) - self.rm_testdir() - def test_59765_zipext_info_CVE_2017_5976(self): - """ run info' unzip $(CVE_2017_5976).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5976 - file_url = self.url_CVE_2017_5976 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") - run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), - returncodes = [2]) - self.assertLess(len(run.output), 190) - self.assertLess(len(errors(run.errors)), 900) - self.assertIn("extracting: test", run.output) - self.assertIn('-27 bytes too long', run.errors) - self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - # self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_59766_zzipext_big_CVE_2017_5976(self): - """ run unzzip-big $(CVE_2017_5976).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5976 - file_url = self.url_CVE_2017_5976 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 1) - self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.rm_testdir() - def test_59767_zzipext_mem_CVE_2017_5976(self): - """ run unzzip-mem $(CVE_2017_5976).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5976 - file_url = self.url_CVE_2017_5976 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 30) # TODO - self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.rm_testdir() - def test_59768_zzipext_mix_CVE_2017_5976(self): - """ run unzzip-mix $(CVE_2017_5976).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5976 - file_url = self.url_CVE_2017_5976 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 30) # TODO - self.assertEqual(os.path.getsize(tmpdir+"/test"), 0) # FIXME - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) # FIXME - self.rm_testdir() - def test_59769_zzipext_zap_CVE_2017_5976(self): - """ run unzzip $(CVE_2017_5976).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5976 - file_url = self.url_CVE_2017_5976 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -2116,6 +1906,14 @@ class ZZipTest(unittest.TestCase): self.assertIn(' 1 file', run.output) self.assertLess(len(run.output), 330) self.assertLess(len(errors(run.errors)), 500) + # + run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), + returncodes = [3]) + self.assertLess(len(run.output), 90) + self.assertLess(len(errors(run.errors)), 900) + self.assertIn('file #1: bad zipfile offset (lseek)', run.errors) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() def test_59801_zzipdir_big_CVE_2017_5980(self): """ run info-zip -l $(CVE_2017_5980).zip """ @@ -2129,6 +1927,13 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 1) self.assertIn(" stored (null)", run.output) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0,1]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 1) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() def test_59802_zzipdir_mem_CVE_2017_5980(self): """ run unzzip-mem -l $(CVE_2017_5980).zip """ @@ -2142,6 +1947,13 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 180) self.assertTrue(greps(run.errors, "unable to load disk")) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 200) + self.assertFalse(os.path.exists(tmpdir+"/test")) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.rm_testdir() def test_59803_zzipdir_mix_CVE_2017_5980(self): """ run unzzip-mix -l $(CVE_2017_5980).zip """ @@ -2155,71 +1967,7 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 180) self.assertTrue(greps(run.errors, "Invalid or")) - self.rm_testdir() - def test_59804_zzipdir_zap_CVE_2017_5980(self): - """ run unzzip -l $(CVE_2017_5980).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5980 - file_url = self.url_CVE_2017_5980 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [3]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 180) - self.assertIn(": Success", run.errors) - self.rm_testdir() - def test_59805_zipext_info_CVE_2017_5980(self): - """ run info' unzip $(CVE_2017_5980).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5980 - file_url = self.url_CVE_2017_5980 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") - run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), - returncodes = [3]) - self.assertLess(len(run.output), 90) - self.assertLess(len(errors(run.errors)), 900) - self.assertIn('file #1: bad zipfile offset (lseek)', run.errors) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - # @unittest.expectedFailure - def test_59806_zzipext_big_CVE_2017_5980(self): - """ run unzzip-big $(CVE_2017_5980).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5980 - file_url = self.url_CVE_2017_5980 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0,1]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 1) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_59807_zzipext_mem_CVE_2017_5980(self): - """ run unzzip-mem $(CVE_2017_5980).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5980 - file_url = self.url_CVE_2017_5980 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 200) - self.assertFalse(os.path.exists(tmpdir+"/test")) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.rm_testdir() - def test_59808_zzipext_mix_CVE_2017_5980(self): - """ run unzzip-mix $(CVE_2017_5980).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5980 - file_url = self.url_CVE_2017_5980 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [2]) self.assertLess(len(run.output), 30) @@ -2227,13 +1975,19 @@ class ZZipTest(unittest.TestCase): self.assertFalse(os.path.exists(tmpdir+"/test")) # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.rm_testdir() - def test_59809_zzipext_zap_CVE_2017_5980(self): - """ run unzzip $(CVE_2017_5980).zip """ + def test_59804_zzipdir_zap_CVE_2017_5980(self): + """ run unzzip -l $(CVE_2017_5980).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2017_5980 file_url = self.url_CVE_2017_5980 download(file_url, filename, tmpdir) exe = self.bins("unzzip") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [3]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 180) + self.assertIn(": Success", run.errors) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [3]) # TODO self.assertLess(len(run.output), 30) @@ -2257,63 +2011,7 @@ class ZZipTest(unittest.TestCase): self.assertIn("zipfile corrupt", run.errors) self.assertLess(len(run.output), 80) self.assertLess(len(errors(run.errors)), 500) - self.rm_testdir() - def test_59811_zzipdir_big_CVE_2017_5981(self): - """ run info-zip -l $(CVE_2017_5981).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5981 - file_url = self.url_CVE_2017_5981 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 1) - self.rm_testdir() - def test_59812_zzipdir_mem_CVE_2017_5981(self): - """ run unzzip-mem -l $(CVE_2017_5981).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5981 - file_url = self.url_CVE_2017_5981 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 1) - self.rm_testdir() - def test_59813_zzipdir_mix_CVE_2017_5981(self): - """ run unzzip-mix -l $(CVE_2017_5981).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5981 - file_url = self.url_CVE_2017_5981 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0,2]) - self.assertLess(len(run.output), 1) - self.assertTrue(greps(run.errors, "Invalid or")) - self.rm_testdir() - def test_59814_zzipdir_zap_CVE_2017_5981(self): - """ run unzzip-zap -l $(CVE_2017_5981).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5981 - file_url = self.url_CVE_2017_5981 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0,3]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 80) - self.assertIn(": Success", run.errors) - self.rm_testdir() - def test_59815_zipext_info_CVE_2017_5981(self): - """ run info' unzip $(CVE_2017_5981).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2017_5981 - file_url = self.url_CVE_2017_5981 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") + # run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), returncodes = [3]) self.assertLess(len(run.output), 90) @@ -2322,13 +2020,18 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_59816_zzipext_big_CVE_2017_5981(self): - """ run unzzip-big $(CVE_2017_5981).zip """ + def test_59811_zzipdir_big_CVE_2017_5981(self): + """ run info-zip -l $(CVE_2017_5981).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2017_5981 file_url = self.url_CVE_2017_5981 download(file_url, filename, tmpdir) exe = self.bins("unzzip-big") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 1) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -2336,13 +2039,18 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_59817_zzipext_mem_CVE_2017_5981(self): - """ run unzzip-mem $(CVE_2017_5981).zip """ + def test_59812_zzipdir_mem_CVE_2017_5981(self): + """ run unzzip-mem -l $(CVE_2017_5981).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2017_5981 file_url = self.url_CVE_2017_5981 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mem") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 1) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -2350,13 +2058,18 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_59818_zzipext_mix_CVE_2017_5981(self): - """ run unzzip-mix $(CVE_2017_5981).zip """ + def test_59813_zzipdir_mix_CVE_2017_5981(self): + """ run unzzip-mix -l $(CVE_2017_5981).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2017_5981 file_url = self.url_CVE_2017_5981 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mix") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0,2]) + self.assertLess(len(run.output), 1) + self.assertTrue(greps(run.errors, "Invalid or")) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0,2]) self.assertLess(len(run.output), 30) @@ -2364,13 +2077,19 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_59819_zzipext_zap_CVE_2017_5981(self): - """ run unzzip $(CVE_2017_5981).zip """ + def test_59814_zzipdir_zap_CVE_2017_5981(self): + """ run unzzip-zap -l $(CVE_2017_5981).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2017_5981 file_url = self.url_CVE_2017_5981 download(file_url, filename, tmpdir) exe = self.bins("unzzip") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0,3]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 80) + self.assertIn(": Success", run.errors) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0,3]) self.assertLess(len(run.output), 30) @@ -2394,6 +2113,14 @@ class ZZipTest(unittest.TestCase): self.assertIn("End-of-central-directory signature not found", run.errors) self.assertLess(len(run.output), 80) self.assertLess(len(errors(run.errors)), 600) + # + run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), + returncodes = [9]) + self.assertLess(len(run.output), 90) + self.assertLess(len(errors(run.errors)), 600) + self.assertIn('End-of-central-directory signature not found', run.errors) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() def test_63011(self): """ unzzip-big -l $(CVE).zip """ @@ -2406,6 +2133,13 @@ class ZZipTest(unittest.TestCase): returncodes = [0]) self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 1) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 1) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() def test_63012(self): """ unzzip-mem -l $(CVE).zip """ @@ -2418,6 +2152,13 @@ class ZZipTest(unittest.TestCase): returncodes = [0]) self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 1) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 10) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() def test_63013(self): """ unzzip-mix -l $(CVE).zip """ @@ -2430,6 +2171,13 @@ class ZZipTest(unittest.TestCase): returncodes = [0,2]) self.assertLess(len(run.output), 1) self.assertTrue(greps(run.errors, ".zip: No medium found")) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0,2]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 10) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() def test_63014(self): """ unzzip-zap -l $(CVE).zip """ @@ -2443,14 +2191,30 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 80) self.assertIn(": Success", run.errors) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0,3]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 10) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_63015(self): - """ info unzip $(CVE).zip """ + + url_CVE_2018_11 = "https://github.com/ProbeFuzzer/poc/blob/master/zziplib" + zip_CVE_2018_11 = "zziplib_0-13-67_unzzip_infinite-loop_unzzip_cat_file.zip" + def test_63110(self): + """ info unzip -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_10 - file_url = self.url_CVE_2018_10 + filename = self.zip_CVE_2018_11 + file_url = self.url_CVE_2018_11 download(file_url, filename, tmpdir) exe = self.bins("unzip") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0, 9]) + self.assertIn("End-of-central-directory signature not found", run.errors) + self.assertLess(len(run.output), 90) + self.assertLess(len(errors(run.errors)), 600) + # run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), returncodes = [9]) self.assertLess(len(run.output), 90) @@ -2459,13 +2223,18 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_63016(self): - """ unzzip-big $(CVE).zip """ + def test_63111(self): + """ unzzip-big -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_10 - file_url = self.url_CVE_2018_10 + filename = self.zip_CVE_2018_11 + file_url = self.url_CVE_2018_11 download(file_url, filename, tmpdir) exe = self.bins("unzzip-big") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 1) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -2473,13 +2242,18 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_63017(self): - """ unzzip-mem $(CVE).zip """ + def test_63112(self): + """ unzzip-mem -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_10 - file_url = self.url_CVE_2018_10 + filename = self.zip_CVE_2018_11 + file_url = self.url_CVE_2018_11 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mem") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 1) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -2487,13 +2261,18 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_63018(self): - """ unzzip-mix $(CVE).zip """ + def test_63113(self): + """ unzzip-mix -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_10 - file_url = self.url_CVE_2018_10 + filename = self.zip_CVE_2018_11 + file_url = self.url_CVE_2018_11 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mix") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0,2]) + self.assertLess(len(run.output), 1) + self.assertTrue(greps(run.errors, ".zip: No medium found")) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0,2]) self.assertLess(len(run.output), 30) @@ -2501,174 +2280,53 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_63019(self): - """ unzzip $(CVE).zip """ + def test_63114(self): + """ unzzip-zap -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_10 - file_url = self.url_CVE_2018_10 + filename = self.zip_CVE_2018_11 + file_url = self.url_CVE_2018_11 download(file_url, filename, tmpdir) exe = self.bins("unzzip") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0,3]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 90) + self.assertIn(": Success", run.errors) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0,3]) self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 10) # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) + # + run = shell("cd {tmpdir} && ../{exe} -p {filename} ".format(**locals()), + returncodes = [0,3]) self.rm_testdir() - url_CVE_2018_11 = "https://github.com/ProbeFuzzer/poc/blob/master/zziplib" - zip_CVE_2018_11 = "zziplib_0-13-67_unzzip_infinite-loop_unzzip_cat_file.zip" - def test_63110(self): + url_CVE_2018_12 = "https://github.com/ProbeFuzzer/poc/blob/master/zziplib" + zip_CVE_2018_12 = "zziplib_0-13-67_unzip-mem_buffer-access-with-incorrect-length-value_zzip_disk_fread.zip" + def test_63810(self): """ info unzip -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_11 - file_url = self.url_CVE_2018_11 + filename = self.zip_CVE_2018_12 + file_url = self.url_CVE_2018_12 download(file_url, filename, tmpdir) exe = self.bins("unzip") run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), returncodes = [0, 9]) self.assertIn("End-of-central-directory signature not found", run.errors) - self.assertLess(len(run.output), 90) - self.assertLess(len(errors(run.errors)), 600) - self.rm_testdir() - def test_63111(self): - """ unzzip-big -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_11 - file_url = self.url_CVE_2018_11 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 1) - self.rm_testdir() - def test_63112(self): - """ unzzip-mem -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_11 - file_url = self.url_CVE_2018_11 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 1) - self.rm_testdir() - def test_63113(self): - """ unzzip-mix -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_11 - file_url = self.url_CVE_2018_11 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0,2]) - self.assertLess(len(run.output), 1) - self.assertTrue(greps(run.errors, ".zip: No medium found")) - self.rm_testdir() - def test_63114(self): - """ unzzip-zap -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_11 - file_url = self.url_CVE_2018_11 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0,3]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 90) - self.assertIn(": Success", run.errors) - self.rm_testdir() - def test_63115(self): - """ info unzip $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_11 - file_url = self.url_CVE_2018_11 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") + self.assertLess(len(run.output), 200) + self.assertLess(len(errors(run.errors)), 800) + # run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), returncodes = [9]) - self.assertLess(len(run.output), 90) - self.assertLess(len(errors(run.errors)), 600) + self.assertLess(len(run.output), 200) + self.assertLess(len(errors(run.errors)), 800) self.assertIn('End-of-central-directory signature not found', run.errors) # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_63116(self): - """ unzzip-big $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_11 - file_url = self.url_CVE_2018_11 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 1) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_63117(self): - """ unzzip-mem $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_11 - file_url = self.url_CVE_2018_11 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 10) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_63118(self): - """ unzzip-mix $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_11 - file_url = self.url_CVE_2018_11 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0,2]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 10) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_63119(self): - """ unzzip $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_11 - file_url = self.url_CVE_2018_11 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") - run = shell("cd {tmpdir} && ../{exe} -p {filename} ".format(**locals()), - returncodes = [0,3]) - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0,3]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 10) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - - url_CVE_2018_12 = "https://github.com/ProbeFuzzer/poc/blob/master/zziplib" - zip_CVE_2018_12 = "zziplib_0-13-67_unzip-mem_buffer-access-with-incorrect-length-value_zzip_disk_fread.zip" - def test_63810(self): - """ info unzip -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_12 - file_url = self.url_CVE_2018_12 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0, 9]) - self.assertIn("End-of-central-directory signature not found", run.errors) - self.assertLess(len(run.output), 200) - self.assertLess(len(errors(run.errors)), 800) - self.rm_testdir() def test_63811(self): """ unzzip-big -l $(CVE).zip """ tmpdir = self.testdir() @@ -2680,66 +2338,7 @@ class ZZipTest(unittest.TestCase): returncodes = [0]) self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 1) - self.rm_testdir() - def test_63812(self): - """ unzzip-mem -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_12 - file_url = self.url_CVE_2018_12 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 1) - self.rm_testdir() - def test_63813(self): - """ unzzip-mix -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_12 - file_url = self.url_CVE_2018_12 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0,2]) - self.assertLess(len(run.output), 1) - self.assertTrue(grep(run.errors, "central directory not found")) - self.rm_testdir() - def test_63814(self): - """ unzzip-zap -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_12 - file_url = self.url_CVE_2018_12 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0,3]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 200) - self.assertIn(": Success", run.errors) - self.rm_testdir() - def test_63815(self): - """ info unzip $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_12 - file_url = self.url_CVE_2018_12 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") - run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), - returncodes = [9]) - self.assertLess(len(run.output), 200) - self.assertLess(len(errors(run.errors)), 800) - self.assertIn('End-of-central-directory signature not found', run.errors) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_63816(self): - """ unzzip-big $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_12 - file_url = self.url_CVE_2018_12 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -2747,13 +2346,18 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_63817(self): - """ unzzip-mem $(CVE).zip """ + def test_63812(self): + """ unzzip-mem -l $(CVE).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2018_12 file_url = self.url_CVE_2018_12 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mem") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 1) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -2761,13 +2365,18 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_63818(self): - """ unzzip-mix $(CVE).zip """ + def test_63813(self): + """ unzzip-mix -l $(CVE).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2018_12 file_url = self.url_CVE_2018_12 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mix") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0,2]) + self.assertLess(len(run.output), 1) + self.assertTrue(grep(run.errors, "central directory not found")) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0,2]) self.assertLess(len(run.output), 30) @@ -2775,148 +2384,19 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_63819(self): - """ unzzip $(CVE).zip """ + def test_63814(self): + """ unzzip-zap -l $(CVE).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2018_12 file_url = self.url_CVE_2018_12 download(file_url, filename, tmpdir) exe = self.bins("unzzip") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0,3]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 10) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - - url_CVE_2018_14 = "https://github.com/ProbeFuzzer/poc/blob/master/zziplib" - zip_CVE_2018_14 = "zziplib_0-13-67_zzdir_memory-alignment-errors___zzip_fetch_disk_trailer.zip" - def test_64840(self): - """ info unzip -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_14 - file_url = self.url_CVE_2018_14 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0, 9]) - self.assertIn("End-of-central-directory signature not found", run.errors) - self.assertLess(len(run.output), 200) - self.assertLess(len(errors(run.errors)), 800) - self.rm_testdir() - def test_64841(self): - """ unzzip-big -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_14 - file_url = self.url_CVE_2018_14 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 1) - self.rm_testdir() - def test_64842(self): - """ unzzip-mem -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_14 - file_url = self.url_CVE_2018_14 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 1) - self.rm_testdir() - def test_64843(self): - """ unzzip-mix -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_14 - file_url = self.url_CVE_2018_14 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0, 2]) - self.assertLess(len(run.output), 1) - self.assertTrue(greps(run.errors, ".zip: No medium found")) - self.rm_testdir() - def test_64844(self): - """ unzzip-zap -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_14 - file_url = self.url_CVE_2018_14 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0, 3]) + returncodes = [0,3]) self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 200) self.assertIn(": Success", run.errors) - self.rm_testdir() - def test_64845(self): - """ info unzip $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_14 - file_url = self.url_CVE_2018_14 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") - run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), - returncodes = [9]) - self.assertLess(len(run.output), 200) - self.assertLess(len(errors(run.errors)), 800) - self.assertIn('End-of-central-directory signature not found', run.errors) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_64846(self): - """ unzzip-big $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_14 - file_url = self.url_CVE_2018_14 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 1) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_64847(self): - """ unzzip-mem $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_14 - file_url = self.url_CVE_2018_14 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 10) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_64848(self): - """ unzzip-mix $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_14 - file_url = self.url_CVE_2018_14 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") - run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), - returncodes = [0,2]) - self.assertLess(len(run.output), 30) - self.assertLess(len(errors(run.errors)), 10) - # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) - self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_64849(self): - """ unzzip $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_14 - file_url = self.url_CVE_2018_14 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0,3]) self.assertLess(len(run.output), 30) @@ -2925,77 +2405,22 @@ class ZZipTest(unittest.TestCase): self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - url_CVE_2018_15 = "https://github.com/ProbeFuzzer/poc/blob/master/zziplib" - zip_CVE_2018_15 = "zziplib_0-13-67_unzip-mem_memory-alignment-errors_zzip_disk_findfirst.zip" - def test_65400(self): - """ info unzip -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_15 - file_url = self.url_CVE_2018_15 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0, 9]) - self.assertIn("End-of-central-directory signature not found", run.errors) - self.assertLess(len(run.output), 200) - self.assertLess(len(errors(run.errors)), 800) - self.rm_testdir() - def test_65401(self): - """ unzzip-big -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_15 - file_url = self.url_CVE_2018_15 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 1) - self.rm_testdir() - def test_65402(self): - """ unzzip-mem -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_15 - file_url = self.url_CVE_2018_15 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 1) - self.rm_testdir() - def test_65403(self): - """ unzzip-mix -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_15 - file_url = self.url_CVE_2018_15 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0,2]) - self.assertLess(len(run.output), 1) - self.assertTrue(greps(run.errors, ".zip: No medium found")) - self.rm_testdir() - def test_65404(self): - """ unzzip-zap -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_15 - file_url = self.url_CVE_2018_15 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0, 3]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 200) - self.assertIn(": Success", run.errors) - self.rm_testdir() - def test_65405(self): - """ info unzip $(CVE).zip """ + url_CVE_2018_14 = "https://github.com/ProbeFuzzer/poc/blob/master/zziplib" + zip_CVE_2018_14 = "zziplib_0-13-67_zzdir_memory-alignment-errors___zzip_fetch_disk_trailer.zip" + def test_64840(self): + """ info unzip -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_15 - file_url = self.url_CVE_2018_15 + filename = self.zip_CVE_2018_14 + file_url = self.url_CVE_2018_14 download(file_url, filename, tmpdir) exe = self.bins("unzip") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0, 9]) + self.assertIn("End-of-central-directory signature not found", run.errors) + self.assertLess(len(run.output), 200) + self.assertLess(len(errors(run.errors)), 800) + # + exe = self.bins("unzip") run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), returncodes = [9]) self.assertLess(len(run.output), 200) @@ -3004,13 +2429,18 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65406(self): - """ unzzip-big $(CVE).zip """ + def test_64841(self): + """ unzzip-big -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_15 - file_url = self.url_CVE_2018_15 + filename = self.zip_CVE_2018_14 + file_url = self.url_CVE_2018_14 download(file_url, filename, tmpdir) exe = self.bins("unzzip-big") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 1) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -3018,13 +2448,17 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65407(self): - """ unzzip-mem $(CVE).zip """ + def test_64842(self): + """ unzzip-mem -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_15 - file_url = self.url_CVE_2018_15 + filename = self.zip_CVE_2018_14 + file_url = self.url_CVE_2018_14 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mem") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 1) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -3032,13 +2466,18 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65408(self): - """ unzzip-mix $(CVE).zip """ + def test_64843(self): + """ unzzip-mix -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_15 - file_url = self.url_CVE_2018_15 + filename = self.zip_CVE_2018_14 + file_url = self.url_CVE_2018_14 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mix") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0, 2]) + self.assertLess(len(run.output), 1) + self.assertTrue(greps(run.errors, ".zip: No medium found")) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0,2]) self.assertLess(len(run.output), 30) @@ -3046,13 +2485,19 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65409(self): - """ unzzip $(CVE).zip """ + def test_64844(self): + """ unzzip-zap -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_15 - file_url = self.url_CVE_2018_15 + filename = self.zip_CVE_2018_14 + file_url = self.url_CVE_2018_14 download(file_url, filename, tmpdir) exe = self.bins("unzzip") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0, 3]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 200) + self.assertIn(": Success", run.errors) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0,3]) self.assertLess(len(run.output), 30) @@ -3061,13 +2506,13 @@ class ZZipTest(unittest.TestCase): self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - url_CVE_2018_16 = "https://github.com/ProbeFuzzer/poc/blob/master/zziplib" - zip_CVE_2018_16 = "zziplib_0-13-67_unzzip_memory-aligment-errors___zzip_fetch_disk_trailer.zip" - def test_65410(self): + url_CVE_2018_15 = "https://github.com/ProbeFuzzer/poc/blob/master/zziplib" + zip_CVE_2018_15 = "zziplib_0-13-67_unzip-mem_memory-alignment-errors_zzip_disk_findfirst.zip" + def test_65400(self): """ info unzip -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_16 - file_url = self.url_CVE_2018_16 + filename = self.zip_CVE_2018_15 + file_url = self.url_CVE_2018_15 download(file_url, filename, tmpdir) exe = self.bins("unzip") run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), @@ -3075,48 +2520,77 @@ class ZZipTest(unittest.TestCase): self.assertIn("End-of-central-directory signature not found", run.errors) self.assertLess(len(run.output), 200) self.assertLess(len(errors(run.errors)), 800) + # + run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), + returncodes = [9]) + self.assertLess(len(run.output), 200) + self.assertLess(len(errors(run.errors)), 800) + self.assertIn('End-of-central-directory signature not found', run.errors) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65411(self): + def test_65401(self): """ unzzip-big -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_16 - file_url = self.url_CVE_2018_16 + filename = self.zip_CVE_2018_15 + file_url = self.url_CVE_2018_15 download(file_url, filename, tmpdir) exe = self.bins("unzzip-big") run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 1) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 1) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65412(self): + def test_65402(self): """ unzzip-mem -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_16 - file_url = self.url_CVE_2018_16 + filename = self.zip_CVE_2018_15 + file_url = self.url_CVE_2018_15 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mem") run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 1) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 10) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65413(self): + def test_65403(self): """ unzzip-mix -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_16 - file_url = self.url_CVE_2018_16 + filename = self.zip_CVE_2018_15 + file_url = self.url_CVE_2018_15 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mix") run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), returncodes = [0,2]) self.assertLess(len(run.output), 1) self.assertTrue(greps(run.errors, ".zip: No medium found")) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0,2]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 10) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65414(self): + def test_65404(self): """ unzzip-zap -l $(CVE).zip """ tmpdir = self.testdir() - filename = self.zip_CVE_2018_16 - file_url = self.url_CVE_2018_16 + filename = self.zip_CVE_2018_15 + file_url = self.url_CVE_2018_15 download(file_url, filename, tmpdir) exe = self.bins("unzzip") run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), @@ -3124,14 +2598,30 @@ class ZZipTest(unittest.TestCase): self.assertLess(len(run.output), 1) self.assertLess(len(errors(run.errors)), 200) self.assertIn(": Success", run.errors) + # + run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), + returncodes = [0,3]) + self.assertLess(len(run.output), 30) + self.assertLess(len(errors(run.errors)), 10) + # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) + self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65415(self): - """ info unzip $(CVE).zip """ + + url_CVE_2018_16 = "https://github.com/ProbeFuzzer/poc/blob/master/zziplib" + zip_CVE_2018_16 = "zziplib_0-13-67_unzzip_memory-aligment-errors___zzip_fetch_disk_trailer.zip" + def test_65410(self): + """ info unzip -l $(CVE).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2018_16 file_url = self.url_CVE_2018_16 download(file_url, filename, tmpdir) exe = self.bins("unzip") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0, 9]) + self.assertIn("End-of-central-directory signature not found", run.errors) + self.assertLess(len(run.output), 200) + self.assertLess(len(errors(run.errors)), 800) + # run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), returncodes = [9]) self.assertLess(len(run.output), 200) @@ -3140,13 +2630,18 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65416(self): - """ unzzip-big $(CVE).zip """ + def test_65411(self): + """ unzzip-big -l $(CVE).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2018_16 file_url = self.url_CVE_2018_16 download(file_url, filename, tmpdir) exe = self.bins("unzzip-big") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 1) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -3154,13 +2649,18 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65417(self): - """ unzzip-mem $(CVE).zip """ + def test_65412(self): + """ unzzip-mem -l $(CVE).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2018_16 file_url = self.url_CVE_2018_16 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mem") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 1) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -3168,13 +2668,18 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65418(self): - """ unzzip-mix $(CVE).zip """ + def test_65413(self): + """ unzzip-mix -l $(CVE).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2018_16 file_url = self.url_CVE_2018_16 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mix") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0,2]) + self.assertLess(len(run.output), 1) + self.assertTrue(greps(run.errors, ".zip: No medium found")) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0,2]) self.assertLess(len(run.output), 30) @@ -3182,13 +2687,19 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65419(self): - """ unzzip $(CVE).zip """ + def test_65414(self): + """ unzzip-zap -l $(CVE).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2018_16 file_url = self.url_CVE_2018_16 download(file_url, filename, tmpdir) exe = self.bins("unzzip") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0, 3]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 200) + self.assertIn(": Success", run.errors) + # run = shell("cd {tmpdir} && ../{exe} -p {filename} ".format(**locals()), returncodes = [0,3]) run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), @@ -3213,62 +2724,7 @@ class ZZipTest(unittest.TestCase): self.assertIn("End-of-central-directory signature not found", run.errors) self.assertLess(len(run.output), 200) self.assertLess(len(errors(run.errors)), 800) - self.rm_testdir() - def test_65421(self): - """ unzzip-big -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_17 - file_url = self.url_CVE_2018_17 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-big") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 1) - self.rm_testdir() - def test_65422(self): - """ unzzip-mem -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_17 - file_url = self.url_CVE_2018_17 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mem") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 1) - self.rm_testdir() - def test_65423(self): - """ unzzip-mix -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_17 - file_url = self.url_CVE_2018_17 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip-mix") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0,2]) - self.assertLess(len(run.output), 1) - self.assertTrue(greps(run.errors, ".zip: No medium found")) - self.rm_testdir() - def test_65424(self): - """ unzzip-zap -l $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_17 - file_url = self.url_CVE_2018_17 - download(file_url, filename, tmpdir) - exe = self.bins("unzzip") - run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), - returncodes = [0, 3]) - self.assertLess(len(run.output), 1) - self.assertLess(len(errors(run.errors)), 200) - self.assertIn(": Success", run.errors) - self.rm_testdir() - def test_65425(self): - """ info unzip $(CVE).zip """ - tmpdir = self.testdir() - filename = self.zip_CVE_2018_17 - file_url = self.url_CVE_2018_17 - download(file_url, filename, tmpdir) - exe = self.bins("unzip") + # run = shell("cd {tmpdir} && {exe} -o {filename}".format(**locals()), returncodes = [9]) self.assertLess(len(run.output), 200) @@ -3277,13 +2733,17 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65426(self): - """ unzzip-big $(CVE).zip """ + def test_65421(self): + """ unzzip-big -l $(CVE).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2018_17 file_url = self.url_CVE_2018_17 download(file_url, filename, tmpdir) exe = self.bins("unzzip-big") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0]) + self.assertLess(len(run.output), 1) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) @@ -3291,29 +2751,40 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65427(self): - """ unzzip-mem $(CVE).zip """ + def test_65422(self): + """ unzzip-mem -l $(CVE).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2018_17 file_url = self.url_CVE_2018_17 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mem") - run = shell("cd {tmpdir} && ../{exe} -p {filename} ".format(**locals()), + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), returncodes = [0]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 1) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0]) self.assertLess(len(run.output), 30) self.assertLess(len(errors(run.errors)), 10) # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) - self.rm_testdir() - def test_65428(self): - """ unzzip-mix $(CVE).zip """ + # + run = shell("cd {tmpdir} && ../{exe} -p {filename} ".format(**locals()), + returncodes = [0]) + # self.rm_testdir() + def test_65423(self): + """ unzzip-mix -l $(CVE).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2018_17 file_url = self.url_CVE_2018_17 download(file_url, filename, tmpdir) exe = self.bins("unzzip-mix") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0,2]) + self.assertLess(len(run.output), 1) + self.assertTrue(greps(run.errors, ".zip: No medium found")) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0,2]) self.assertLess(len(run.output), 30) @@ -3321,13 +2792,19 @@ class ZZipTest(unittest.TestCase): # self.assertEqual(os.path.getsize(tmpdir+"/test"), 3) self.assertFalse(os.path.exists(tmpdir+"/test")) self.rm_testdir() - def test_65429(self): - """ unzzip $(CVE).zip """ + def test_65424(self): + """ unzzip-zap -l $(CVE).zip """ tmpdir = self.testdir() filename = self.zip_CVE_2018_17 file_url = self.url_CVE_2018_17 download(file_url, filename, tmpdir) exe = self.bins("unzzip") + run = shell("{exe} -l {tmpdir}/{filename} ".format(**locals()), + returncodes = [0, 3]) + self.assertLess(len(run.output), 1) + self.assertLess(len(errors(run.errors)), 200) + self.assertIn(": Success", run.errors) + # run = shell("cd {tmpdir} && ../{exe} {filename} ".format(**locals()), returncodes = [0,3]) self.assertLess(len(run.output), 30) -- 2.40.0