summaryrefslogtreecommitdiff
path: root/src/testdir
diff options
context:
space:
mode:
authorChristian Brabandt <cb@256bit.org>2026-04-01 16:23:49 +0000
committerChristian Brabandt <cb@256bit.org>2026-04-01 16:23:49 +0000
commit7088926316d8d4a7572a242d0765e99adfc8b083 (patch)
tree0772ae8c0d46acbfc0cd93021d18e5e25a30d131 /src/testdir
parentfe05143f5d70c89e4a14cbf61fee091dc6ba791c (diff)
downloadProject-Tick-7088926316d8d4a7572a242d0765e99adfc8b083.tar.gz
Project-Tick-7088926316d8d4a7572a242d0765e99adfc8b083.zip
patch 9.2.0280: [security]: path traversal issue in zip.vim
Problem: [security]: path traversal issue in zip.vim (MichaƂ Majchrowicz) Solution: Detect more such attacks and warn the user. Github Advisory: https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24 Signed-off-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'src/testdir')
-rw-r--r--src/testdir/samples/evil.zipbin148 -> 413 bytes
-rw-r--r--src/testdir/test_plugin_zip.vim22
2 files changed, 22 insertions, 0 deletions
diff --git a/src/testdir/samples/evil.zip b/src/testdir/samples/evil.zip
index e0a7f96141..17cffadf93 100644
--- a/src/testdir/samples/evil.zip
+++ b/src/testdir/samples/evil.zip
Binary files differ
diff --git a/src/testdir/test_plugin_zip.vim b/src/testdir/test_plugin_zip.vim
index 08f8223b60..53b6120834 100644
--- a/src/testdir/test_plugin_zip.vim
+++ b/src/testdir/test_plugin_zip.vim
@@ -274,3 +274,25 @@ def g:Test_zip_fname_evil_path()
assert_match('zipfile://.*::etc/ax-pwn', @%)
bw
enddef
+
+def g:Test_zip_fname_evil_path2()
+ CheckNotMSWindows
+ # needed for writing the zip file
+ CheckExecutable zip
+
+ CopyZipFile("evil.zip")
+ defer delete("X.zip")
+ e X.zip
+
+ :1
+ var fname = 'foobar'
+ search('\V' .. fname)
+ exe "normal \<cr>"
+ normal x
+ assert_false(filereadable('/tmp/foobar'))
+ :w
+ var mess = execute(':mess')
+ assert_match('Path Traversal Attack', mess)
+ assert_match('zipfile://.*::.*tmp/foobar', @%)
+ bw!
+enddef
generated by cgit 0.0.5-2-1-g0f52 (git 2.46.0) at 2026-04-06 07:47:01 +0000