From 3940f8c2a7fc03036e70411a01036fa0e280963f Mon Sep 17 00:00:00 2001
From: Brian Gough
Date: Fri, 8 May 2026 10:35:56 +0100
Subject: [PATCH] Merge pull request #33504 from overleaf/bg-upgrade-yauzl

Upgrade yauzl library in web to version 3.3.0

GitOrigin-RevId: 82b4158db7a432f4257bd48402840f07801c6d07
---
 .../src/Features/Uploads/ArchiveManager.mjs | 2 +-
 services/web/package.json | 2 +-
 .../test_project_with_too_long_filename.zip | Bin 0 -> 717 bytes
 .../acceptance/src/ProjectStructureTests.mjs | 18 ++++++++++++++++++
 .../unit/src/Uploads/ArchiveManager.test.mjs | 6 +++---
 yarn.lock | 12 +++++++++++-
 6 files changed, 34 insertions(+), 6 deletions(-)
 create mode 100644 services/web/test/acceptance/files/test_project_with_too_long_filename.zip

diff --git a/services/web/app/src/Features/Uploads/ArchiveManager.mjs b/services/web/app/src/Features/Uploads/ArchiveManager.mjs
index a2ecb3b13f..c9f5d6fa9f 100644
--- a/services/web/app/src/Features/Uploads/ArchiveManager.mjs
+++ b/services/web/app/src/Features/Uploads/ArchiveManager.mjs
@@ -138,7 +138,7 @@ function _extractZipFiles(source, destination) {
 destFile,
 })
 zipfile.close() // bail out, stop reading file entries
- done(err)
+ done(new InvalidZipFileError().withCause(err))
 } else {
 entryFileCount++
 zipfile.readEntry() // continue to the next file
diff --git a/services/web/package.json b/services/web/package.json
index a356a09d78..b147f14516 100644
--- a/services/web/package.json
+++ b/services/web/package.json
@@ -191,7 +191,7 @@
 "xml-crypto": "^2.1.6",
 "xml2js": "^0.6.2",
 "xregexp": "^4.3.0",
- "yauzl": "^2.10.0",
+ "yauzl": "^3.3.0",
 "zod": "^4.0.17",
 "zod-validation-error": "^4.0.1"
 },
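Review bot: The replacement `done(new InvalidZipFileError().withCause(err))` in ArchiveManager.mjs wraps every error that reaches this branch, so a failure unrelated to the uploaded archive would also be reported to the uploader as an invalid zip. The callback that produces `err` is outside the hunk; if it can surface local filesystem errors from writing the entry (for example `ENOSPC` or `EACCES`), those would become a client error and would likely drop out of server-error monitoring. Consider wrapping only errors attributable to the archive and passing the rest through, e.g. `done(['ENOSPC', 'EACCES', 'EMFILE'].includes(err.code) ? err : new InvalidZipFileError().withCause(err))`, with a comment stating which error class is meant to map to `invalid_zip_file`. `_extractZipFiles` starts and ends outside the hunk.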
diff --git a/services/web/test/acceptance/files/test_project_with_too_long_filename.zip b/services/web/test/acceptance/files/test_project_with_too_long_filename.zip
new file mode 100644
index 0000000000000000000000000000000000000000..f6941caa0e4e29604a1475d92e282bb90aafff01
GIT binary patch
literal 717
zcmWIWW@Zs#U|`^2aPwUrQz^c<(iq5d1!5US28P5@fHeg4N>VGjJ3UYO>z(yItL=Ht
zQ%7%|pN`f^pL3pTdrtyoynN4}S>1M$xz#ABxagCk(aK8A6OR}IycwB9m~jU;Fx0`I
g0T}e7fsZxhfr6mG5AbGX1BDSI5PAVaD;FGM00PAN5&!@I

literal 0
HcmV?d00001

diff --git a/services/web/test/acceptance/src/ProjectStructureTests.mjs b/services/web/test/acceptance/src/ProjectStructureTests.mjs
index 22e22a9fcc..52520eb5d1 100644
--- a/services/web/test/acceptance/src/ProjectStructureTests.mjs
+++ b/services/web/test/acceptance/src/ProjectStructureTests.mjs
@@ -250,6 +250,24 @@ describe('ProjectStructureChanges', function () {
 })
 })

+ describe('uploading a project containing a filename that is too long', function () {
+ let res
+
+ beforeEach(async function () {
+ const { response } = await uploadExampleProject(
+ owner,
+ 'test_project_with_too_long_filename.zip',
+ { allowBadStatus: true }
+ )
+
+ res = response
+ })
+
+ it('should fail with 422 error', function () {
+ expect(res.statusCode).to.equal(422)
+ })
+ })
+
 describe('deleting folders', function () {
 beforeEach(async function () {
 const { projectId } = await createExampleProject(owner)
diff --git a/services/web/test/unit/src/Uploads/ArchiveManager.test.mjs b/services/web/test/unit/src/Uploads/ArchiveManager.test.mjs
index ad57c170ea..59ab988e05 100644
--- a/services/web/test/unit/src/Uploads/ArchiveManager.test.mjs
+++ b/services/web/test/unit/src/Uploads/ArchiveManager.test.mjs
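Review bot: The new acceptance test in ProjectStructureTests.mjs depends on the binary fixture `test_project_with_too_long_filename.zip`, and nothing in the commit records how that archive was produced or what it contains. Opaque binary fixtures are hard to review, so a short comment above the `describe` would help, e.g. `// fixture: zip whose entry name is too long to extract; regenerate with <command>` (placeholder wording; the archive's actual contents are not visible here). The test also asserts only `res.statusCode`; asserting on the error reported in the response body as well would tie the 422 to the invalid-zip path rather than to some other validation.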
@@ -374,7 +374,7 @@ describe('ArchiveManager', function () {
 it('should reject with an error', function (ctx) {
 expect(ctx.error)
 .to.be.instanceOf(Error)
- .and.have.property('message', 'Something went wrong')
+ .and.have.property('message', 'invalid_zip_file')
 })

 it('should close the zipfile', function (ctx) {
@@ -411,7 +411,7 @@ describe('ArchiveManager', function () {
 it('should reject with an error', function (ctx) {
 expect(ctx.error)
 .to.be.instanceOf(Error)
- .and.have.property('message', 'Something went wrong')
+ .and.have.property('message', 'invalid_zip_file')
 })

 it('should close the zipfile', function (ctx) {
@@ -449,7 +449,7 @@ describe('ArchiveManager', function () {
 it('should reject with an error', function (ctx) {
 expect(ctx.error)
 .to.be.instanceOf(Error)
- .and.have.property('message', 'Something went wrong')
+ .and.have.property('message', 'invalid_zip_file')
 })
 it('should destroy the readstream', function (ctx) {
 ctx.readStream.destroy.called.should.equal(true)
diff --git a/yarn.lock b/yarn.lock
index 5be2ec1c05..48a119ec7e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7570,7 +7570,7 @@ __metadata:
 xml-crypto: "npm:^2.1.6"
 xml2js: "npm:^0.6.2"
 xregexp: "npm:^4.3.0"
- yauzl: "npm:^2.10.0"
+ yauzl: "npm:^3.3.0"
 yup: "npm:^0.32.11"
 zod: "npm:^4.0.17"
 zod-validation-error: "npm:^4.0.1"
@@ -34926,6 +34926,16 @@ __metadata:
 languageName: node
 linkType: hard

+"yauzl@npm:^3.3.0":
+ version: 3.3.0
+ resolution: "yauzl@npm:3.3.0"
+ dependencies:
+ buffer-crc32: "npm:~0.2.3"
+ pend: "npm:~1.2.0"
+ checksum: 10c0/935e32054171104bdf8a4091180f61b5698d8b90ee64552bb643c2176f815d4215d0764e3f41e0d9a1e4525b37602bf145ec5fd39dd014f0be7290851ce3acce
+ languageName: node
+ linkType: hard
+
 "yn@npm:^3.1.1":
 version: 3.1.1
 resolution: "yn@npm:3.1.1"
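Review bot: The three updated assertions in ArchiveManager.test.mjs (the hunks at 374, 411 and 449) check only `instanceOf(Error)` and the message `invalid_zip_file`, so they would still pass if the original error were dropped rather than attached as the cause. The change in ArchiveManager.mjs relies on `withCause(err)` to keep the underlying failure available for logging, so assert that too, e.g. `expect(ctx.error.cause).to.have.property('message', 'Something went wrong')` (assuming `withCause` stores the error on `cause`). Asserting `instanceOf(InvalidZipFileError)` instead of `Error` would be tighter if that class is importable in the test file. The `describe` blocks enclosing each `it` start outside the hunks.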