Throw an IllegalArgumentException when a file name or comment in gzip

garydgregory · garydgregory · commit 7143c5589931 · 2024-11-30T08:29:42.000-05:00
parameters encodes to a byte array with a 0 byte #618 - Sort members - Better local var names in tests - Use JUnit feature instead of custom code - Add missing assertions
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
@@ -54,6 +54,7 @@ The <action> type attribute can be add,update,fix,remove.
       <action type="fix" dev="ggregory" due-to="Glavo">Remove unused local variable in ZipFile #615.</action>
       <action type="fix" dev="ggregory" due-to="Glavo, Gary Gregory">Optimize ZipEightByteInteger #614.</action>
       <action type="fix" dev="ggregory" due-to="Gary Gregory">ZipEightByteInteger.toString() now returns a number string without text prefix, like BigInteger.</action>
+      <action type="fix" dev="ggregory" due-to="ddeschenes-1, Gary Gregory">Throw an IllegalArgumentException when a file name or comment in gzip parameters encodes to a byte array with a 0 byte #618.</action> 
       <!-- ADD -->
       <action type="add" dev="ggregory" due-to="Gary Gregory">Add GzipParameters.getModificationInstant().</action>
       <action type="add" dev="ggregory" due-to="Gary Gregory">Add GzipParameters.setModificationInstant(Instant).</action>
diff --git a/src/main/java/org/apache/commons/compress/compressors/gzip/GzipParameters.java b/src/main/java/org/apache/commons/compress/compressors/gzip/GzipParameters.java
@@ -299,13 +299,6 @@ public int type() {
     private int bufferSize = 512;
     private int deflateStrategy = Deflater.DEFAULT_STRATEGY;
 
-    private String requireNonNulByte(final String text) {
-        if (StringUtils.isNotEmpty(text) && ArrayUtils.contains(text.getBytes(fileNameCharset), (byte) 0)) {
-            throw new IllegalArgumentException("String encoded in Charset '" + fileNameCharset + "' contains the nul byte 0 which is not supported in gzip.");
-        }
-        return text;
-    }
-
     /**
      * Gets size of the buffer used to retrieve compressed data.
      *
@@ -382,7 +375,6 @@ public String getFileName() {
         return fileName;
     }
 
-
     /**
      * Gets the Charset to use for writing file names and comments.
      * <p>
@@ -396,6 +388,7 @@ public Charset getFileNameCharset() {
         return fileNameCharset;
     }
 
+
     /**
      * Gets the most recent modification time (MTIME) of the original file being compressed.
      *
@@ -439,6 +432,13 @@ public OS getOS() {
         return operatingSystem;
     }
 
+    private String requireNonNulByte(final String text) {
+        if (StringUtils.isNotEmpty(text) && ArrayUtils.contains(text.getBytes(fileNameCharset), (byte) 0)) {
+            throw new IllegalArgumentException("String encoded in Charset '" + fileNameCharset + "' contains the nul byte 0 which is not supported in gzip.");
+        }
+        return text;
+    }
+
     /**
      * Sets size of the buffer used to retrieve compressed data from {@link Deflater} and write to underlying {@link OutputStream}.
      *
diff --git a/src/test/java/org/apache/commons/compress/compressors/gzip/GzipParametersTest.java b/src/test/java/org/apache/commons/compress/compressors/gzip/GzipParametersTest.java
@@ -20,6 +20,7 @@
 package org.apache.commons.compress.compressors.gzip;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
@@ -43,12 +44,26 @@ public void testDeflaterStrategy() {
         assertEquals(Deflater.HUFFMAN_ONLY, gzipParameters.getDeflateStrategy());
     }
 
-    @Test
-    public void testToString() {
+    @ParameterizedTest
+    //@formatter:off
+    @CsvSource({
+        "          , hello\0world, false",
+        "ISO-8859-1, hello\0world, false",
+        "UTF-8     , hello\0world, false",
+        "UTF-16BE  , helloworld, false"
+    })
+    //@formatter:on
+    public void testIllegalCommentOrFileName(final Charset charset, final String text) {
         final GzipParameters gzipParameters = new GzipParameters();
-        assertTrue(gzipParameters.toString().contains("UNKNOWN"));
-        gzipParameters.setOS(GzipParameters.OS.Z_SYSTEM);
-        assertTrue(gzipParameters.toString().contains("Z_SYSTEM"));
+        if (charset != null) {
+            gzipParameters.setFileNameCharset(charset);
+        }
+        assertThrows(IllegalArgumentException.class, () -> gzipParameters.setComment(text));
+        assertNull(gzipParameters.getComment());
+        assertThrows(IllegalArgumentException.class, () -> gzipParameters.setFilename(text));
+        assertNull(gzipParameters.getFileName());
+        assertThrows(IllegalArgumentException.class, () -> gzipParameters.setFileName(text));
+        assertNull(gzipParameters.getFileName());
     }
 
     @ParameterizedTest
@@ -62,32 +77,24 @@ public void testToString() {
         "UTF-8     , helloéworld"
     })
     //@formatter:on
-    public void testLegalCommentOrFileName(final String charset, final String text) {
-        final GzipParameters p = new GzipParameters();
+    public void testLegalCommentOrFileName(final Charset charset, final String text) {
+        final GzipParameters gzipParameters = new GzipParameters();
         if (charset != null) {
-            p.setFileNameCharset(Charset.forName(charset));
+            gzipParameters.setFileNameCharset(charset);
         }
-        p.setComment(text);
-        p.setFilename(text);
-        p.setFileName(text);
+        gzipParameters.setComment(text);
+        assertEquals(text, gzipParameters.getComment());
+        gzipParameters.setFilename(text);
+        assertEquals(text, gzipParameters.getFileName());
+        gzipParameters.setFileName(text);
+        assertEquals(text, gzipParameters.getFileName());
     }
 
-    @ParameterizedTest
-    //@formatter:off
-    @CsvSource({
-        "          , hello\0world, false",
-        "ISO-8859-1, hello\0world, false",
-        "UTF-8     , hello\0world, false",
-        "UTF-16BE  , helloworld, false"
-    })
-    //@formatter:on
-    public void testIllegalCommentOrFileName(final String charset, final String text) {
-        final GzipParameters p = new GzipParameters();
-        if (charset != null) {
-            p.setFileNameCharset(Charset.forName(charset));
-        }
-        assertThrows(IllegalArgumentException.class, () -> p.setComment(text));
-        assertThrows(IllegalArgumentException.class, () -> p.setFilename(text));
-        assertThrows(IllegalArgumentException.class, () -> p.setFileName(text));
+    @Test
+    public void testToString() {
+        final GzipParameters gzipParameters = new GzipParameters();
+        assertTrue(gzipParameters.toString().contains("UNKNOWN"));
+        gzipParameters.setOS(GzipParameters.OS.Z_SYSTEM);
+        assertTrue(gzipParameters.toString().contains("Z_SYSTEM"));
     }
 }
