fix: CVE-2021-20218 adapt test to 4.7.x project structure

(cherry picked from commit 857c873)
fabric8io · Feb 9, 2021 · f4d70bb · f4d70bb
1 parent 9273ec3
commit f4d70bb
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 4 deletions.
diff --git a/kubernetes-client/pom.xml b/kubernetes-client/pom.xml
@@ -168,6 +168,11 @@
       <artifactId>mockito-core</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.assertj</groupId>
+      <artifactId>assertj-core</artifactId>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
   <build>

diff --git a/...PodOperationsImpl_CVE2021_20218_Test.java → ...PodOperationsImpl_CVE2021_20218_Test.java b/...PodOperationsImpl_CVE2021_20218_Test.java → ...PodOperationsImpl_CVE2021_20218_Test.java
@@ -13,13 +13,13 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.fabric8.kubernetes.client.dsl.internal.core.v1;
+package io.fabric8.kubernetes.client.dsl.internal;
 
 import io.fabric8.kubernetes.client.KubernetesClientException;
-import io.fabric8.kubernetes.client.dsl.internal.PodOperationContext;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.TempDir;
+import org.mockito.Mockito;
 
 import java.nio.file.Path;
 
@@ -41,7 +41,7 @@ void setUp() {
   void testWithForgedTar(@TempDir Path targetDirParent) throws Exception {
     // Given
     final Path targetDir = targetDirParent.resolve("target");
-    final PodOperationsImpl poi = spy(new PodOperationsImpl(baseContext.withDir("/var/source-dir")));
+    final PodOperationsImpl poi = Mockito.spy(new PodOperationsImpl(baseContext.withDir("/var/source-dir")));
     doReturn(PodOperationsImpl_CVE2021_20218_Test.class.getResourceAsStream("/2021_20218/tar-with-parent-traversal.tar"))
       .when(poi).readTar("/var/source-dir");
     // When

diff --git a/pom.xml b/pom.xml
@@ -91,7 +91,7 @@
     <jsr305.version>3.0.2</jsr305.version>
 
     <!-- Testing versions -->
-    <assertj.core.version>3.14.0</assertj.core.version>
+    <assertj.core.version>3.19.0</assertj.core.version>
     <arquillian.core.version>1.2.0.Final</arquillian.core.version>
     <awaitility.version>4.0.2</awaitility.version>
     <jsonassert.version>1.5.0</jsonassert.version>
@@ -297,6 +297,13 @@
         <scope>import</scope>
         <type>pom</type>
       </dependency>
+
+      <dependency>
+        <groupId>org.assertj</groupId>
+        <artifactId>assertj-core</artifactId>
+        <version>${assertj.core.version}</version>
+        <scope>test</scope>
+      </dependency>
     </dependencies>
   </dependencyManagement>