fix(archive/untar.ts): cannot access symlinks in archives (#3686)

Author: cwirving

archive/testdata/with_link.tar

@@ -39,6 +39,14 @@ import {
 import { readAll } from "../streams/read_all.ts";
 import type { Reader } from "../types.d.ts";
 
+/**
+ * Extend TarMeta with the `linkName` property so that readers can access
+ * symbolic link values without polluting the world of archive writers.
+ */
+export interface TarMetaWithLinkName extends TarMeta {
+  linkName?: string;
+}
+
 export interface TarHeader {
   [key: string]: Uint8Array;
 }
@@ -73,7 +81,7 @@ function parseHeader(buffer: Uint8Array): { [key: string]: Uint8Array } {
 }
 
 // deno-lint-ignore no-empty-interface
-export interface TarEntry extends TarMeta {}
+export interface TarEntry extends TarMetaWithLinkName {}
 
 export class TarEntry implements Reader {
   #header: TarHeader;
@@ -83,7 +91,7 @@ export class TarEntry implements Reader {
   #consumed = false;
   #entrySize: number;
   constructor(
-    meta: TarMeta,
+    meta: TarMetaWithLinkName,
     header: TarHeader,
     reader: Reader | (Reader & Deno.Seeker),
   ) {
@@ -244,22 +252,19 @@ export class Untar {
     return header;
   }
 
-  #getMetadata(header: TarHeader): TarMeta {
+  #getMetadata(header: TarHeader): TarMetaWithLinkName {
     const decoder = new TextDecoder();
     // get meta data
-    const meta: TarMeta = {
+    const meta: TarMetaWithLinkName = {
       fileName: decoder.decode(trim(header.fileName)),
     };
     const fileNamePrefix = trim(header.fileNamePrefix);
     if (fileNamePrefix.byteLength > 0) {
       meta.fileName = decoder.decode(fileNamePrefix) + "/" + meta.fileName;
     }
-    (["fileMode", "mtime", "uid", "gid"] as [
-      "fileMode",
-      "mtime",
-      "uid",
-      "gid",
-    ]).forEach((key) => {
+    (
+      ["fileMode", "mtime", "uid", "gid"] as ["fileMode", "mtime", "uid", "gid"]
+    ).forEach((key) => {
       const arr = trim(header[key]);
       if (arr.byteLength > 0) {
         meta[key] = parseInt(decoder.decode(arr), 8);
@@ -277,6 +282,12 @@ export class Untar {
     meta.fileSize = parseInt(decoder.decode(header.fileSize), 8);
     meta.type = FileTypes[parseInt(meta.type!)] ?? meta.type;
 
+    // Only create the `linkName` property for symbolic links to minimize
+    // the effect on existing code that only deals with non-links.
+    if (meta.type === "symlink") {
+      meta.linkName = decoder.decode(trim(header.linkName));
+    }
+
     return meta;
   }
 

archive/untar.ts

@@ -2,7 +2,12 @@
 import { assert, assertEquals, assertExists } from "../assert/mod.ts";
 import { resolve } from "../path/mod.ts";
 import { Tar, type TarMeta } from "./tar.ts";
-import { TarEntry, type TarHeader, Untar } from "./untar.ts";
+import {
+  TarEntry,
+  type TarHeader,
+  TarMetaWithLinkName,
+  Untar,
+} from "./untar.ts";
 import { Buffer } from "../io/buffer.ts";
 import { copy } from "../streams/copy.ts";
 import { readAll } from "../streams/read_all.ts";
@@ -348,3 +353,54 @@ Deno.test({
     assertExists(tarEntry);
   },
 });
+
+Deno.test("untarArchiveWithLink", async function () {
+  const filePath = resolve(testdataDir, "with_link.tar");
+  const file = await Deno.open(filePath, { read: true });
+
+  type ExpectedEntry = TarMetaWithLinkName & { content?: Uint8Array };
+
+  const expectedEntries: ExpectedEntry[] = [
+    {
+      fileName: "hello.txt",
+      fileMode: 436,
+      fileSize: 14,
+      mtime: 1696384910,
+      uid: 1000,
+      gid: 1000,
+      owner: "user",
+      group: "user",
+      type: "file",
+      content: new TextEncoder().encode("Hello World!\n\n"),
+    },
+    {
+      fileName: "link_to_hello.txt",
+      linkName: "./hello.txt",
+      fileMode: 511,
+      fileSize: 0,
+      mtime: 1696384945,
+      uid: 1000,
+      gid: 1000,
+      owner: "user",
+      group: "user",
+      type: "symlink",
+    },
+  ];
+
+  const untar = new Untar(file);
+
+  for await (const entry of untar) {
+    const expected = expectedEntries.shift();
+    assert(expected);
+    const content = expected.content;
+    delete expected.content;
+
+    assertEquals({ ...entry }, expected);
+
+    if (content) {
+      assertEquals(content, await readAll(entry));
+    }
+  }
+
+  file.close();
+});