@@ -715,7 +715,7 @@ def mock_call_cmd(*args, **kwargs):
715715 with patch .object (sevenzp , 'call_cmd' , side_effect = mock_call_cmd ):
716716 # Attempting extraction with symlinks should raise ArchiveError
717717 with self .assertRaises (ArchiveError ) as ctx :
718- sevenzp ._detect_7zip_symlinks (password = None )
718+ sevenzp .extract (password = None )
719719 self .assertIn ("symlink" , str (ctx .exception ).lower ())
720720
721721 def test_7zip_path_traversal_protection_before_extraction (self ):
@@ -729,8 +729,36 @@ def test_7zip_path_traversal_protection_before_extraction(self):
729729 mock_pyfile .m .pyload = Mock ()
730730 sevenzp = SevenZip (mock_pyfile , "test.7z" , self .temp_dir )
731731
732- # Mock the list method to return a malicious path
733- with patch .object (sevenzp , 'list' , return_value = [os .path .join (self .temp_dir , "../etc/passwd" )]):
732+ # Mock the call_cmd to return list output with a malicious path
733+ def mock_call_cmd (* args , ** kwargs ):
734+ mock_process = Mock ()
735+ if "l" in args and "-slt" in args :
736+ # Simulate 7z list -slt output with a malicious path
737+ output = """
738+ Listing archive: test.7z
739+
740+ --
741+ Path = test.7z
742+ Type = 7z
743+ Physical Size = 1234567
744+ Headers Size = 4567
745+ Method = LZMA2:1536k
746+ Solid = +
747+ Blocks = 1
748+
749+ ----------
750+ Path = ../etc/passwd
751+ Size = 1024
752+ Attributes = .....
753+ """
754+ mock_process .communicate .return_value = (output , "" )
755+ else :
756+ mock_process .communicate .return_value = ("" , "" )
757+ mock_process .returncode = 0
758+ return mock_process
759+
760+ with patch .object (sevenzp , 'call_cmd' , side_effect = mock_call_cmd ):
734761 # Attempting extraction with traversal should raise ArchiveError
735- with self .assertRaises (ArchiveError ):
762+ with self .assertRaises (ArchiveError ) as ctx :
736763 sevenzp .extract (password = None )
764+ self .assertIn ("traversal" , str (ctx .exception ).lower ())
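Review bot: The test is named `..._before_extraction`, but nothing in it verifies that the traversal was rejected before an extract command ran. `mock_call_cmd` returns an empty success for every non-list invocation, so an implementation that extracts first and validates afterwards would still raise the expected ArchiveError and pass. Bind the patch with `with patch.object(sevenzp, 'call_cmd', side_effect=mock_call_cmd) as mocked:` and, after the assertRaises block, add `self.assertTrue(all("l" in c.args and "-slt" in c.args for c in mocked.call_args_list))` so only the listing command is allowed. The symlink test in the first hunk now also goes through `extract()` and would likely benefit from the same check, though its mock is defined outside the hunk. Only the relative `../` form is exercised here, so listing entries with an absolute path and a backslash-separated parent reference would be worth adding as further cases.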