test/integration/targets/ansible-galaxy-collection/files/build_bad_tar.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

#!/usr/bin/env python

# Copyright: (c) 2020, Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import (absolute_import, division, print_function)
__metaclass__ = type

import hashlib
import io
import json
import os
import sys
import tarfile

manifest = {
    'collection_info': {
        'namespace': 'suspicious',
        'name': 'test',
        'version': '1.0.0',
        'dependencies': {},
    },
    'file_manifest_file': {
        'name': 'FILES.json',
        'ftype': 'file',
        'chksum_type': 'sha256',
        'chksum_sha256': None,
        'format': 1
    },
    'format': 1,
}

files = {
    'files': [
        {
            'name': '.',
            'ftype': 'dir',
            'chksum_type': None,
            'chksum_sha256': None,
            'format': 1,
        },
    ],
    'format': 1,
}


def add_file(tar_file, filename, b_content, update_files=True):
    tar_info = tarfile.TarInfo(filename)
    tar_info.size = len(b_content)
    tar_info.mode = 0o0755
    tar_file.addfile(tarinfo=tar_info, fileobj=io.BytesIO(b_content))

    if update_files:
        sha256 = hashlib.sha256()
        sha256.update(b_content)

        files['files'].append({
            'name': filename,
            'ftype': 'file',
            'chksum_type': 'sha256',
            'chksum_sha256': sha256.hexdigest(),
            'format': 1
        })


collection_tar = os.path.join(sys.argv[1], 'suspicious-test-1.0.0.tar.gz')
with tarfile.open(collection_tar, mode='w:gz') as tar_file:
    add_file(tar_file, '../../outside.sh', b"#!/usr/bin/env bash\necho \"you got pwned\"")

    b_files = json.dumps(files).encode('utf-8')
    b_files_hash = hashlib.sha256()
    b_files_hash.update(b_files)
    manifest['file_manifest_file']['chksum_sha256'] = b_files_hash.hexdigest()
    add_file(tar_file, 'FILES.json', b_files)
    add_file(tar_file, 'MANIFEST.json', json.dumps(manifest).encode('utf-8'))

    b_manifest = json.dumps(manifest).encode('utf-8')

    for name, b in [('MANIFEST.json', b_manifest), ('FILES.json', b_files)]:
        b_io = io.BytesIO(b)
        tar_info = tarfile.TarInfo(name)
        tar_info.size = len(b)
        tar_info.mode = 0o0644
        tar_file.addfile(tarinfo=tar_info, fileobj=b_io)