module NdrImport::Helpers::File::Zip

This mixin adds Zip functionality to unified importers.

Private Instance Methods

unzip_file(source, destination, pattern = //) click to toggle source

Unzip the file, creating the destination directory if necessary. A pattern can be provided to only extract required files.

# File lib/ndr_import/helpers/file/zip.rb, line 12
def unzip_file(source, destination, pattern = //)
  # SECURE TVB Mon Aug 13 14:41:05 BST 2012 : SafePath will raise exception if insecure
  # path is constructed
  # SafeFile.safepath_to_string will make sure that the arguments are from type SafePath

  # SECURE: BNS 2010-09-21 (for external access)
  fail 'Not allowed in external environment' if defined?(::Rails) && ::Rails.env.external?

  require 'zip'
  # TODO: Abort if destination directory already exists...
  FileUtils.mkdir_p(SafeFile.safepath_to_string(destination))

  ::Zip::File.open(SafeFile.safepath_to_string(source)) do |zipfile|
    zipfile.entries.each do |entry|
      # SECURE: TPG 2010-11-1: The path is stripped from the zipfile entry when extracted
      basename = ::File.basename(entry.name)
      zipfile.extract(entry, destination.join(basename)) if entry.file? && basename.match(pattern)
    end
  end

rescue ::Zip::ZipDestinationFileExistsError
  # I'm going to ignore this and just overwrite the files.
rescue SecurityError => ex
  raise ex
rescue ArgumentError => ex
  raise ex
rescue => ex
  puts ex
end