SCANJLIB-208 Set posix permissions when extracting tar.gz

Author: henryju

lib/src/main/java/org/sonarsource/scanner/lib/internal/util/CompressionUtils.java

@@ -25,19 +25,35 @@
 import java.io.OutputStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
+import java.nio.file.attribute.PosixFilePermission;
+import java.util.EnumSet;
 import java.util.Enumeration;
+import java.util.List;
+import java.util.Set;
 import java.util.function.Predicate;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipFile;
-import org.apache.commons.compress.archivers.ArchiveEntry;
+import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
 import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
 import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
 import org.apache.commons.io.IOUtils;
 
+import static org.apache.commons.lang3.SystemUtils.IS_OS_WINDOWS;
+
 public final class CompressionUtils {
 
   private static final String ERROR_CREATING_DIRECTORY = "Error creating directory: ";
 
+  // indexed by the standard binary representation of permission
+  // if permission is 644; in binary 110 100 100
+  // the positions of the ones (little endian) give the index of the permission in the list below
+  private static final List<PosixFilePermission> POSIX_PERMISSIONS = List.of(
+    PosixFilePermission.OTHERS_EXECUTE, PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_READ,
+    PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.GROUP_WRITE, PosixFilePermission.GROUP_READ,
+    PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_READ);
+  private static final int MAX_MODE = (1 << POSIX_PERMISSIONS.size()) - 1;
+
   private CompressionUtils() {
     // utility class
   }
@@ -110,23 +126,44 @@ public static void extractTarGz(Path compressedFile, Path targetDir) throws IOEx
     try (InputStream fis = Files.newInputStream(compressedFile);
       InputStream bis = new BufferedInputStream(fis);
       InputStream gzis = new GzipCompressorInputStream(bis);
-      TarArchiveInputStream archive = new TarArchiveInputStream(gzis)) {
-      ArchiveEntry entry;
-      while ((entry = archive.getNextEntry()) != null) {
-        if (!archive.canReadEntryData(entry)) {
+      TarArchiveInputStream tarArchiveInputStream = new TarArchiveInputStream(gzis)) {
+      TarArchiveEntry targzEntry;
+      while ((targzEntry = tarArchiveInputStream.getNextEntry()) != null) {
+        if (!tarArchiveInputStream.canReadEntryData(targzEntry)) {
           continue;
         }
-        var f = targetDir.resolve(entry.getName());
-        if (entry.isDirectory()) {
-          Files.createDirectories(f);
+        var entry = targetDir.resolve(targzEntry.getName());
+        if (targzEntry.isDirectory()) {
+          Files.createDirectories(entry);
         } else {
-          var parent = f.getParent();
-          Files.createDirectories(parent);
-          try (OutputStream o = Files.newOutputStream(f)) {
-            IOUtils.copy(archive, o);
+          if (!Files.isDirectory(entry.getParent())) {
+            Files.createDirectories(entry.getParent());
+          }
+          Files.copy(tarArchiveInputStream, entry, StandardCopyOption.REPLACE_EXISTING);
+          int mode = targzEntry.getMode();
+          if (mode != 0 && !IS_OS_WINDOWS) {
+            Set<PosixFilePermission> permissions = fromFileMode(mode);
+            Files.setPosixFilePermissions(entry, permissions);
           }
         }
       }
     }
   }
+
+  static Set<PosixFilePermission> fromFileMode(final int fileMode) {
+    if ((fileMode & MAX_MODE) != fileMode) {
+      throw new IllegalStateException(
+        "Invalid file mode '" + Integer.toOctalString(fileMode) + "'. File mode must be between 0 and " + MAX_MODE + " (" + Integer.toOctalString(MAX_MODE) + " in octal)");
+    }
+
+    final Set<PosixFilePermission> ret = EnumSet.noneOf(PosixFilePermission.class);
+
+    for (int i = 0; i < POSIX_PERMISSIONS.size(); i++) {
+      if ((fileMode & (1 << i)) != 0) {
+        ret.add(POSIX_PERMISSIONS.get(i));
+      }
+    }
+
+    return ret;
+  }
 }

lib/src/test/java/org/sonarsource/scanner/lib/internal/util/CompressionUtilsTest.java

@@ -25,6 +25,15 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.TempDir;
 
+import static java.nio.file.attribute.PosixFilePermission.GROUP_EXECUTE;
+import static java.nio.file.attribute.PosixFilePermission.GROUP_READ;
+import static java.nio.file.attribute.PosixFilePermission.GROUP_WRITE;
+import static java.nio.file.attribute.PosixFilePermission.OTHERS_EXECUTE;
+import static java.nio.file.attribute.PosixFilePermission.OTHERS_READ;
+import static java.nio.file.attribute.PosixFilePermission.OTHERS_WRITE;
+import static java.nio.file.attribute.PosixFilePermission.OWNER_EXECUTE;
+import static java.nio.file.attribute.PosixFilePermission.OWNER_READ;
+import static java.nio.file.attribute.PosixFilePermission.OWNER_WRITE;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
@@ -69,4 +78,30 @@ void extract_tar_gz() throws IOException {
     CompressionUtils.extractTarGz(tar, toDir);
     assertThat(toDir.toFile().list()).hasSize(3);
   }
+
+  @Test
+  void fileMode_conversion() {
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("000", 8))).isEmpty();
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("001", 8))).containsExactlyInAnyOrder(OTHERS_EXECUTE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("002", 8))).containsExactlyInAnyOrder(OTHERS_WRITE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("003", 8))).containsExactlyInAnyOrder(OTHERS_WRITE, OTHERS_EXECUTE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("004", 8))).containsExactlyInAnyOrder(OTHERS_READ);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("005", 8))).containsExactlyInAnyOrder(OTHERS_READ, OTHERS_EXECUTE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("006", 8))).containsExactlyInAnyOrder(OTHERS_READ, OTHERS_WRITE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("007", 8))).containsExactlyInAnyOrder(OTHERS_READ, OTHERS_WRITE, OTHERS_EXECUTE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("010", 8))).containsExactlyInAnyOrder(GROUP_EXECUTE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("020", 8))).containsExactlyInAnyOrder(GROUP_WRITE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("030", 8))).containsExactlyInAnyOrder(GROUP_WRITE, GROUP_EXECUTE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("040", 8))).containsExactlyInAnyOrder(GROUP_READ);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("050", 8))).containsExactlyInAnyOrder(GROUP_READ, GROUP_EXECUTE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("060", 8))).containsExactlyInAnyOrder(GROUP_READ, GROUP_WRITE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("070", 8))).containsExactlyInAnyOrder(GROUP_READ, GROUP_WRITE, GROUP_EXECUTE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("100", 8))).containsExactlyInAnyOrder(OWNER_EXECUTE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("200", 8))).containsExactlyInAnyOrder(OWNER_WRITE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("300", 8))).containsExactlyInAnyOrder(OWNER_WRITE, OWNER_EXECUTE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("400", 8))).containsExactlyInAnyOrder(OWNER_READ);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("500", 8))).containsExactlyInAnyOrder(OWNER_READ, OWNER_EXECUTE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("600", 8))).containsExactlyInAnyOrder(OWNER_READ, OWNER_WRITE);
+    assertThat(CompressionUtils.fromFileMode(Integer.parseInt("700", 8))).containsExactlyInAnyOrder(OWNER_READ, OWNER_WRITE, OWNER_EXECUTE);
+  }
 }