[compress] Tar stream signature detection regression as of 1.11

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[compress] Tar stream signature detection regression as of 1.11

Philipp Grasboeck
Hello,
I think I may have found a regression in
ArchiveFormatFactory.createArchiveInputStream.
Please run the JUnit testcase at the end of this mail.
It demonstrates the archive detection working with 1.10, but failing from
1.11 through 1.14
The file "COMPRESS-117.tar" is taken from commons-compress-1.9-src.zip.
If it's not a bug, please let me know. Reading in COMPRESS-117 JIRA, I
believe it fixed exactly this situation.


import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;

import org.apache.commons.compress.archivers.ArchiveException;
import org.apache.commons.compress.archivers.ArchiveInputStream;
import org.apache.commons.compress.archivers.ArchiveStreamFactory;
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
import org.junit.Assert;
import org.junit.Test;

public class TarDetectionRegressionTest {

    @Test
    public void check() throws IOException, ArchiveException {
        /*
         * we can read the archive normally
         */
        try (InputStream in = open()) {
            try (TarArchiveInputStream tar = new TarArchiveInputStream(in))
{
                checkContents(tar);
            }
        }

        /*
         * but we cannot detect the stream signature with commons-compress
version >= 1.11
         * 1.10: works
         * 1.11: fail
         * 1.12: fail
         * 1.13: fail
         * 1.14: fail
         */

        try (InputStream in = open()) {
            ArchiveInputStream s = new
ArchiveStreamFactory().createArchiveInputStream(in);
            Assert.assertTrue(s instanceof TarArchiveInputStream);
            checkContents((TarArchiveInputStream) s);
        }
    }

    private void checkContents(TarArchiveInputStream tar) throws
IOException {
        Assert.assertEquals("test1.xml", tar.getNextEntry().getName());
        Assert.assertEquals("test2.xml", tar.getNextEntry().getName());
    }

    private InputStream open() throws FileNotFoundException {
        return new BufferedInputStream( new
FileInputStream("src/test/resources/COMPRESS-117.tar"));
    }
}
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [compress] Tar stream signature detection regression as of 1.11

James Ring
According to git bisect, 1fb42987de0d21c9b6777272320b64230eadb277 is
the first bad commit

commit 1fb42987de0d21c9b6777272320b64230eadb277

Author: Stefan Bodewig <[hidden email]>

Date:   Sun Jan 31 13:12:31 2016 +0100


    COMPRESS-331 make tar checksum check as strict as GNU tar

On Thu, Aug 10, 2017 at 11:14 PM, Philipp Grasboeck
<[hidden email]> wrote:

> Hello,
> I think I may have found a regression in
> ArchiveFormatFactory.createArchiveInputStream.
> Please run the JUnit testcase at the end of this mail.
> It demonstrates the archive detection working with 1.10, but failing from
> 1.11 through 1.14
> The file "COMPRESS-117.tar" is taken from commons-compress-1.9-src.zip.
> If it's not a bug, please let me know. Reading in COMPRESS-117 JIRA, I
> believe it fixed exactly this situation.
>
>
> import java.io.BufferedInputStream;
> import java.io.FileInputStream;
> import java.io.FileNotFoundException;
> import java.io.IOException;
> import java.io.InputStream;
>
> import org.apache.commons.compress.archivers.ArchiveException;
> import org.apache.commons.compress.archivers.ArchiveInputStream;
> import org.apache.commons.compress.archivers.ArchiveStreamFactory;
> import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
> import org.junit.Assert;
> import org.junit.Test;
>
> public class TarDetectionRegressionTest {
>
>     @Test
>     public void check() throws IOException, ArchiveException {
>         /*
>          * we can read the archive normally
>          */
>         try (InputStream in = open()) {
>             try (TarArchiveInputStream tar = new TarArchiveInputStream(in))
> {
>                 checkContents(tar);
>             }
>         }
>
>         /*
>          * but we cannot detect the stream signature with commons-compress
> version >= 1.11
>          * 1.10: works
>          * 1.11: fail
>          * 1.12: fail
>          * 1.13: fail
>          * 1.14: fail
>          */
>
>         try (InputStream in = open()) {
>             ArchiveInputStream s = new
> ArchiveStreamFactory().createArchiveInputStream(in);
>             Assert.assertTrue(s instanceof TarArchiveInputStream);
>             checkContents((TarArchiveInputStream) s);
>         }
>     }
>
>     private void checkContents(TarArchiveInputStream tar) throws
> IOException {
>         Assert.assertEquals("test1.xml", tar.getNextEntry().getName());
>         Assert.assertEquals("test2.xml", tar.getNextEntry().getName());
>     }
>
>     private InputStream open() throws FileNotFoundException {
>         return new BufferedInputStream( new
> FileInputStream("src/test/resources/COMPRESS-117.tar"));
>     }
> }

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [compress] Tar stream signature detection regression as of 1.11

Stefan Bodewig
In reply to this post by Philipp Grasboeck
On 2017-08-11, Philipp Grasboeck wrote:

> I think I may have found a regression in
> ArchiveFormatFactory.createArchiveInputStream.
> Please run the JUnit testcase at the end of this mail.
> It demonstrates the archive detection working with 1.10, but failing from
> 1.11 through 1.14

As already pointed out by James Ring, please see
https://issues.apache.org/jira/browse/COMPRESS-331

The code in 1.10 would accept streams as tar archives that were not
valid. We made the check as strict as the one of GNU tar and only accept
streams with a correct header checksum as tar archives.

> The file "COMPRESS-117.tar" is taken from commons-compress-1.9-src.zip.
> If it's not a bug, please let me know.

The file COMPRESS-117.tar gets rejected by GNU tar as well. Please see
COMPRESS-331 for a bit of history.

If you've got a tar archive which gets accepted by GNU tar but rejected
by Commons Compress, then this is a bug - and I'd ask you to open a new
issue and attach the archive.

Thanks

        Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Loading...