Skip to content

Commit 41bf790

Browse files
lucacasonatolucacasonato
authored
fix: properly error for invalid tarballs (#998)
1 parent 39b2a3a commit 41bf790

File tree

1 file changed

+14
-7
lines changed

1 file changed

+14
-7
lines changed

api/src/tarball.rs

Lines changed: 14 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -102,7 +102,7 @@ pub async fn process_tarball(
102102
let async_read = stream.into_async_read();
103103
let mut tar = async_tar::Archive::new(async_read)
104104
.entries()
105-
.map_err(PublishError::UntarError)?;
105+
.map_err(from_tarball_io_error)?;
106106

107107
let mut files = HashMap::new();
108108
let mut case_insensitive_paths = HashSet::<CaseInsensitivePackagePath>::new();
@@ -126,7 +126,7 @@ pub async fn process_tarball(
126126
};
127127

128128
while let Some(res) = tar.next().await {
129-
let mut entry = res.map_err(PublishError::UntarError)?;
129+
let mut entry = res.map_err(from_tarball_io_error)?;
130130

131131
let header = entry.header();
132132
let path = String::from_utf8_lossy(&entry.path_bytes()).into_owned();
@@ -158,7 +158,7 @@ pub async fn process_tarball(
158158
});
159159
}
160160

161-
let size = header.size().map_err(PublishError::UntarError)?;
161+
let size = header.size().map_err(from_tarball_io_error)?;
162162
if size > max_file_size {
163163
return Err(PublishError::FileTooLarge {
164164
path,
@@ -180,7 +180,7 @@ pub async fn process_tarball(
180180
entry
181181
.read_to_end(&mut bytes)
182182
.await
183-
.map_err(PublishError::UntarError)?;
183+
.map_err(from_tarball_io_error)?;
184184

185185
// sha256 hash the bytes
186186
let hash = sha2::Sha256::digest(&bytes);
@@ -479,8 +479,8 @@ pub enum PublishError {
479479
#[error("gcs upload error: {0}")]
480480
GcsUploadError(GcsError),
481481

482-
#[error("untar error: {0}")]
483-
UntarError(io::Error),
482+
#[error("invalid tarball: {0}")]
483+
InvalidTarball(io::Error),
484484

485485
#[error("database error")]
486486
DatabaseError(#[from] sqlx::Error),
@@ -630,9 +630,9 @@ impl PublishError {
630630
match self {
631631
PublishError::GcsDownloadError(_) => None,
632632
PublishError::GcsUploadError(_) => None,
633-
PublishError::UntarError(_) => None,
634633
PublishError::MissingTarball => None,
635634
PublishError::DatabaseError(_) => None,
635+
PublishError::InvalidTarball(_) => Some("invalidTarball"),
636636
PublishError::LinkInTarball { .. } => Some("linkInTarball"),
637637
PublishError::InvalidEntryType { .. } => Some("invalidEntryType"),
638638
PublishError::InvalidPath { .. } => Some("invalidPath"),
@@ -686,6 +686,13 @@ impl PublishError {
686686
}
687687
}
688688

689+
fn from_tarball_io_error(err: io::Error) -> PublishError {
690+
match err.downcast::<reqwest::Error>() {
691+
Ok(err) => PublishError::GcsDownloadError(GcsError::Reqwest(err)),
692+
Err(err) => PublishError::InvalidTarball(err),
693+
}
694+
}
695+
689696
pub struct FileInfo {
690697
pub path: PackagePath,
691698
pub size: u64,

0 commit comments

Comments
 (0)