1 files changed, 84 insertions, 0 deletions
diff --git a/test/integration/targets/ansible-galaxy-collection/files/build_bad_tar.py b/test/integration/targets/ansible-galaxy-collection/files/build_bad_tar.py
new file mode 100644
index 0000000..6182e86
--- /dev/null
+++ b/test/integration/targets/ansible-galaxy-collection/files/build_bad_tar.py
@@ -0,0 +1,84 @@
+#!/usr/bin/env python
+
+# Copyright: (c) 2020, Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import hashlib
+import io
+import json
+import os
+import sys
+import tarfile
+
+manifest = {
+    'collection_info': {
+        'namespace': 'suspicious',
+        'name': 'test',
+        'version': '1.0.0',
+        'dependencies': {},
+    },
+    'file_manifest_file': {
+        'name': 'FILES.json',
+        'ftype': 'file',
+        'chksum_type': 'sha256',
+        'chksum_sha256': None,
+        'format': 1
+    },
+    'format': 1,
+}
+
+files = {
+    'files': [
+        {
+            'name': '.',
+            'ftype': 'dir',
+            'chksum_type': None,
+            'chksum_sha256': None,
+            'format': 1,
+        },
+    ],
+    'format': 1,
+}
+
+
+def add_file(tar_file, filename, b_content, update_files=True):
+    tar_info = tarfile.TarInfo(filename)
+    tar_info.size = len(b_content)
+    tar_info.mode = 0o0755
+    tar_file.addfile(tarinfo=tar_info, fileobj=io.BytesIO(b_content))
+
+    if update_files:
+        sha256 = hashlib.sha256()
+        sha256.update(b_content)
+
+        files['files'].append({
+            'name': filename,
+            'ftype': 'file',
+            'chksum_type': 'sha256',
+            'chksum_sha256': sha256.hexdigest(),
+            'format': 1
+        })
+
+
+collection_tar = os.path.join(sys.argv[1], 'suspicious-test-1.0.0.tar.gz')
+with tarfile.open(collection_tar, mode='w:gz') as tar_file:
+    add_file(tar_file, '../../outside.sh', b"#!/usr/bin/env bash\necho \"you got pwned\"")
+
+    b_files = json.dumps(files).encode('utf-8')
+    b_files_hash = hashlib.sha256()
+    b_files_hash.update(b_files)
+    manifest['file_manifest_file']['chksum_sha256'] = b_files_hash.hexdigest()
+    add_file(tar_file, 'FILES.json', b_files)
+    add_file(tar_file, 'MANIFEST.json', json.dumps(manifest).encode('utf-8'))
+
+    b_manifest = json.dumps(manifest).encode('utf-8')
+
+    for name, b in [('MANIFEST.json', b_manifest), ('FILES.json', b_files)]:
+        b_io = io.BytesIO(b)
+        tar_info = tarfile.TarInfo(name)
+        tar_info.size = len(b)
+        tar_info.mode = 0o0644
+        tar_file.addfile(tarinfo=tar_info, fileobj=b_io)