From e8e3447f15549df884b33a0e0d4ffe7bf308a680 Mon Sep 17 00:00:00 2001 From: Daniel Lockyer Date: Wed, 8 May 2024 11:05:21 +0200 Subject: [PATCH] Fixed handling empty zip file uploads fix https://linear.app/tryghost/issue/SLO-102/end-of-central-directory-record-signature-not-found-an-unexpected - previously, uploading an empty zip would result in a HTTP 500 error because yauzl would error and we'd bubble that up as an InternalServerError - now, we catch the specific error message and return a more user friendly error - also includes tests and sample zip file --- ghost/core/core/server/data/importer/import-manager.js | 5 +++++ ghost/core/test/e2e-api/admin/db.test.js | 10 ++++++++++ ghost/core/test/utils/fixtures/import/zips/empty.zip | 0 3 files changed, 15 insertions(+) create mode 100644 ghost/core/test/utils/fixtures/import/zips/empty.zip diff --git a/ghost/core/core/server/data/importer/import-manager.js b/ghost/core/core/server/data/importer/import-manager.js index d1d4891785..431e5672c5 100644 --- a/ghost/core/core/server/data/importer/import-manager.js +++ b/ghost/core/core/server/data/importer/import-manager.js @@ -235,6 +235,11 @@ class ImportManager { help: tpl(messages.invalidZipFileNameEncodingHelp), code: 'INVALID_ZIP_FILE_NAME_ENCODING' }); + } else if (err.message.includes('end of central directory record signature not found')) { // This comes from Yauzl when the zip is invalid + throw new errors.UnsupportedMediaTypeError({ + message: tpl(messages.invalidZipFileNameEncoding), + code: 'INVALID_ZIP_FILE' + }); } throw err; } diff --git a/ghost/core/test/e2e-api/admin/db.test.js b/ghost/core/test/e2e-api/admin/db.test.js index daacc0b32e..d439edec4b 100644 --- a/ghost/core/test/e2e-api/admin/db.test.js +++ b/ghost/core/test/e2e-api/admin/db.test.js @@ -103,4 +103,14 @@ describe('DB API', function () { }] }); }); + + it('Handles invalid zip file uploads', async function () { + const res = await request.post(localUtils.API.getApiQuery('db/')) + .set('Origin', config.get('url')) + .attach('importfile', 'test/utils/fixtures/import/zips/empty.zip') + .expect('Content-Type', /json/) + .expect(415); + + res.body.errors[0].message.should.eql('The uploaded zip could not be read'); + }); }); diff --git a/ghost/core/test/utils/fixtures/import/zips/empty.zip b/ghost/core/test/utils/fixtures/import/zips/empty.zip new file mode 100644 index 0000000000..e69de29bb2