Improve ZIP reading safety

bio-miga · Jan 23, 2024 · 85d56ea · 85d56ea
1 parent 246dd60
commit 85d56ea
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 5 deletions.
diff --git a/lib/miga/remote_dataset/download.rb b/lib/miga/remote_dataset/download.rb
@@ -66,7 +66,7 @@ def ncbi_asm_get(opts)
         :zip, nil, opts[:extra], opts[:obj]
       )
       zip_tmp = Tempfile.new('asm.zip')
-      zip_tmp.puts zipped
+      zip_tmp.print(zipped)
       zip_tmp.close
 
       o = ''
@@ -76,14 +76,15 @@ def ncbi_asm_get(opts)
           if entry.file? && entry.name =~ /_genomic\.fna$/
             DEBUG "Extracting: #{entry.name}"
             entry.get_input_stream do |ifh|
-              cont = ifh.read
-              ofh&.puts cont
+              cont = MiGA::MiGA.normalize_encoding(ifh.read) + "\n"
+              ofh&.print(cont)
               o += cont
             end
           end
         end
       end
       ofh&.close
+      File.unlink(zip_tmp.path)
       o
     end
 

diff --git a/lib/miga/version.rb b/lib/miga/version.rb
@@ -12,7 +12,7 @@ module MiGA
   # - String indicating release status:
   #   - rc* release candidate, not released as gem
   #   - [0-9]+ stable release, released as gem
-  VERSION = [1.3, 9, 3].freeze
+  VERSION = [1.3, 9, 4].freeze
 
   ##
   # Nickname for the current major.minor version.

diff --git a/miga-base.gemspec b/miga-base.gemspec
@@ -30,7 +30,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'sqlite3', '~> 1.3'
   s.add_runtime_dependency 'net-http'
   s.add_runtime_dependency 'net-ftp'
-  s.add_runtime_dependency 'rubyzip'
+  s.add_runtime_dependency 'rubyzip', '~> 2.3'
   s.required_ruby_version = '>= 2.7'
 
   # Docs + tests