Contrib.social

Decompress files for aaa_update_test

Open on Drupal.org →
Created on 19 June 2024, 11 days ago
Updated 20 June 2024, 10 days ago

Problem/Motivation

Compressed files, binaries, and databases are difficult to maintain and inspect.

This issue is to address:
./core/modules/update/tests/aaa_update_test.tar.gz

Background information

This was first reported to the Drupal security team who determined this could be a public followup.

Steps to reproduce

Proposed resolution

Remaining tasks

./core/modules/update/tests/aaa_update_test.tar.gz

User interface changes

API changes

Data model changes

Release notes snippet

🐛 Bug report
Status

Active

Version

11.0 🔥

Component
PHPUnit 

Last updated about 18 hours ago

Created by

🇺🇸United States nicxvan

Live updates comments and jobs are added and updated live.
  • Security

    It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.

Sign in to follow issues

Comments & Activities

  • Issue created by @nicxvan
  • Comment 11 days ago
    🇺🇸United States nicxvan

    Ok the only reference to this archive file is here:

        // Check to ensure an existing module can't be reinstalled. Also checks that
    // the archive was extracted since we can't know if the module is already
    // installed until after extraction.
    $validArchiveFile = __DIR__ . '/../../aaa_update_test.tar.gz';
    $edit = [
      'files[project_upload]' => $validArchiveFile,
    ];

    I think we can just extract it and compress it right before this step as part of the step. It creates a bit of churn on each test, but it does solve the immediate security concern.

    There are a lot of references in the code to modules/update/tests/aaa_update_test.module, that file does not exist though so I'm not sure if there is a process I'm missing that extracts the archive first.

  • Comment 10 days ago
    🇺🇸United States nicxvan
contrib.social Blog FAQ Discussions
Production build 0.69.0 2024