From 76c6e9200603448725a39816f88f924653107d31 Mon Sep 17 00:00:00 2001
From: Daniel Lockyer
Date: Wed, 8 May 2024 14:59:34 +0200
Subject: [PATCH] Handled invalid files when uploading DB zips (#20165)
fix https://linear.app/tryghost/issue/SLO-103/invalid-comment-length-expected-7-found-0-an-unexpected-error-occurred
- similar to https://github.com/TryGhost/Ghost/commit/e8e3447f15549df884b33a0e0d4ffe7bf308a680, this captures a specific error from yauzl and throws a user-friendly error
- perhaps in the future we can just look for yauzl errors and always return user-friendly errors, but let's monitor that first
- also includes a breaking test
---
 .../core/server/data/importer/import-manager.js | 5 ++++-
 ghost/core/test/e2e-api/admin/db.test.js | 12 +++++++++++-
 .../fixtures/import/zips/malformed-comments.zip | Bin 0 -> 222 bytes
 3 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 ghost/core/test/utils/fixtures/import/zips/malformed-comments.zip
diff --git a/ghost/core/core/server/data/importer/import-manager.js b/ghost/core/core/server/data/importer/import-manager.js
index 431e5672c5..360c081af7 100644
--- a/ghost/core/core/server/data/importer/import-manager.js
+++ b/ghost/core/core/server/data/importer/import-manager.js
@@ -235,7 +235,10 @@ class ImportManager {
 help: tpl(messages.invalidZipFileNameEncodingHelp),
 code: 'INVALID_ZIP_FILE_NAME_ENCODING'
 });
- } else if (err.message.includes('end of central directory record signature not found')) { // This comes from Yauzl when the zip is invalid
+ } else if (
+ err.message.includes('end of central directory record signature not found')
+ || err.message.includes('invalid comment length')
+ ) { // This comes from Yauzl when the zip is invalid
 throw new errors.UnsupportedMediaTypeError({
 message: tpl(messages.invalidZipFileNameEncoding),
 code: 'INVALID_ZIP_FILE'
diff --git a/ghost/core/test/e2e-api/admin/db.test.js b/ghost/core/test/e2e-api/admin/db.test.js
index d439edec4b..9800035799 100644
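Review bot: The widened `else if` in import-manager.js still recognises a bad upload only by substring-matching yauzl's message text, so any other parse failure on a user-supplied zip, or a reworded message after a yauzl upgrade, will miss this branch and presumably fall through to the generic unexpected-error path this commit is trying to avoid. Keeping the known substrings in one named list makes the next addition a one-line change and keeps the condition readable: `const INVALID_ZIP_MESSAGES = ['end of central directory record signature not found', 'invalid comment length'];` with `} else if (INVALID_ZIP_MESSAGES.some(m => err.message.includes(m))) {`. `err.message` is also dereferenced without a guard in both new conditions; whether `err` can ever lack a string `message` here depends on the part of the catch block that lies outside this hunk, as do the start and end of the enclosing method.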
--- a/ghost/core/test/e2e-api/admin/db.test.js
+++ b/ghost/core/test/e2e-api/admin/db.test.js
@@ -104,7 +104,7 @@ describe('DB API', function () {
 });
 });

- it('Handles invalid zip file uploads', async function () {
+ it('Handles invalid zip file uploads (central directory)', async function () {
 const res = await request.post(localUtils.API.getApiQuery('db/'))
 .set('Origin', config.get('url'))
 .attach('importfile', 'test/utils/fixtures/import/zips/empty.zip')
@@ -113,4 +113,14 @@ describe('DB API', function () {

 res.body.errors[0].message.should.eql('The uploaded zip could not be read');
 });
+
+ it('Handles invalid zip file uploads (malformed comments)', async function () {
+ const res = await request.post(localUtils.API.getApiQuery('db/'))
+ .set('Origin', config.get('url'))
+ .attach('importfile', 'test/utils/fixtures/import/zips/malformed-comments.zip')
+ .expect('Content-Type', /json/)
+ .expect(415);
+
+ res.body.errors[0].message.should.eql('The uploaded zip could not be read');
+ });
 });
diff --git a/ghost/core/test/utils/fixtures/import/zips/malformed-comments.zip b/ghost/core/test/utils/fixtures/import/zips/malformed-comments.zip
new file mode 100644
index 0000000000000000000000000000000000000000..2da0f78d9df7c2a2e9a16d9962d37c1435b2cd2b
GIT binary patch literal 222 zcmWIWW@Zs#-~htAWy>NMpnw-hb1*0{l%y7y=p`4Ig@*7luq$7-NDC{lP6N@U72FJr zEMFNJ7=XGN7`(4|p7lL*=3=0SkJmFMh5&DNj`UlVxA}omAfp1j8JR?w5!N8ffvkan mC5<2!v6cpSv$BEIGXh~4kWK}07!q|-a}zUjbQBVklDPn1D=%mO literal 0 HcmV?d00001
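Review bot: The added 'malformed comments' test in db.test.js does not record which parser failure `malformed-comments.zip` is meant to trigger, and its assertions (415 plus the shared message) would pass equally if the fixture tripped the older 'end of central directory' substring instead of the new one. Because the fixture is an opaque binary, a one-line comment above the `.attach(...)` call would document the intent, for example `// fixture whose zip comment length field is inconsistent, so yauzl reports "invalid comment length"`; the exact malformation is inferred from the commit message and should be confirmed by whoever built the file. A note on how the fixture was generated would also let it be recreated if the parser's checks change.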