doc(examples): add delete/update examples (#56)

Pr0methean · James MacAdie (TT sandbox) · github-advanced-security[bot] · web-flow · commit c10c33984f77 · 2026-01-19T07:33:31.000Z
* Add remove and update file examples Per discussion #430, it was not obvious to me how to update a file within an archive. I have added some examples of how to delete and update to make it easier for anyone in a similar situation to me in the future * Potential fix for code scanning alert no. 248: Uncontrolled data used in path expression Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com> * Potential fix for code scanning alert no. 250: Uncontrolled data used in path expression Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com> * Debug formatting of filenames to fix log injection Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com> * Debug formatting of filenames to fix log injection Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com> * Potential fix for code scanning alert no. 249: Uncontrolled data used in path expression Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com> * Fix: don't drop new_archive since it's already been consumed Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com> * Fixes * cargo clippy --fix * Suppress a Clippy warning * cargo fmt --all * Simplify examples by having main return anyhow::Result * Remove CI filters that were preventing this PR from being tested * Fix: use head-ref to define PR concurrency group, so dedup still happens * cargo fmt --all * rm anyhow * Simplify zip_dir error handling with a question mark Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com> * fix return * Fix error-type conversion issue in specific configurations * fix file_info.rs --------- Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com> Co-authored-by: James MacAdie (TT sandbox) <j.macadie@ttg.co.uk> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: n4n5 <its.just.n4n5@gmail.com>
diff --git a/Cargo.toml b/Cargo.toml
@@ -73,7 +73,6 @@ bencher = "0.1"
 getrandom = { version = "0.3", default-features = false, features = [] }
 walkdir = "2.5"
 time = { version = "0.3", features = ["formatting", "macros"] }
-anyhow = "1.0.100"
 clap = { version = "=4.4.18", features = ["derive"] }
 tempfile = "3.15"
 rayon = "1.11"
diff --git a/examples/delete_file_from_archive.rs b/examples/delete_file_from_archive.rs
@@ -0,0 +1,76 @@
+// See this dicussion for further background on why it is done like this:
+// https://github.com/zip-rs/zip/discussions/430
+
+use zip::result::{ZipError, ZipResult};
+
+fn main() -> Result<(), Box<dyn std::error::Error>> {
+    let args: Vec<_> = std::env::args().collect();
+    if args.len() < 3 {
+        return Err(format!(
+            "Usage: {:?} <filename> <file_within_archive_to_delete>",
+            args[0]
+        )
+        .into());
+    }
+    let filename = &*args[1];
+    let file_to_remove = &*args[2];
+    let base_dir = std::env::current_dir().unwrap_or_else(|_| std::path::PathBuf::from("."));
+    remove_file(&base_dir, filename, file_to_remove, false)?;
+    Ok(())
+}
+
+fn remove_file(
+    base_dir: &std::path::Path,
+    archive_filename: &str,
+    file_to_remove: &str,
+    in_place: bool,
+) -> ZipResult<()> {
+    let unsafe_path = std::path::Path::new(archive_filename);
+    let joined = base_dir.join(unsafe_path);
+    let fname = joined.canonicalize().map_err(|_| ZipError::FileNotFound)?;
+    if !fname.starts_with(base_dir) {
+        return Err(ZipError::FileNotFound);
+    }
+    let zipfile = std::fs::File::open(&fname)?;
+
+    let mut archive = zip::ZipArchive::new(zipfile)?;
+
+    // Open a new, empty archive for writing to
+    let new_filename = replacement_filename(fname.as_path())?;
+    let new_file = std::fs::File::create(&new_filename)?;
+    let mut new_archive = zip::ZipWriter::new(new_file);
+
+    // Loop through the original archive:
+    //  - Skip the target file
+    //  - Copy everything else across as raw, which saves the bother of decoding it
+    // The end effect is to have a new archive, which is a clone of the original,
+    // save for the target file which has been omitted i.e. deleted
+    let target: &std::path::Path = file_to_remove.as_ref();
+    for i in 0..archive.len() {
+        let file = archive.by_index_raw(i)?;
+        match file.enclosed_name() {
+            Some(p) if p == target => (),
+            _ => new_archive.raw_copy_file(file)?,
+        }
+    }
+    new_archive.finish()?;
+
+    drop(archive);
+
+    // If we're doing this in place then overwrite the original with the new
+    if in_place {
+        std::fs::rename(new_filename, &fname)?;
+    }
+
+    Ok(())
+}
+
+fn replacement_filename(source: &std::path::Path) -> ZipResult<std::path::PathBuf> {
+    let mut new = std::path::PathBuf::from(source);
+    let mut stem = source.file_stem().ok_or(ZipError::FileNotFound)?.to_owned();
+    stem.push("_updated");
+    new.set_file_name(stem);
+    let ext = source.extension().ok_or(ZipError::FileNotFound)?;
+    new.set_extension(ext);
+    Ok(new)
+}
diff --git a/examples/file_info.rs b/examples/file_info.rs
@@ -1,16 +1,22 @@
-use anyhow::{anyhow, Context, Result};
+//! Get the zip file infos
+//!
+//! ```sh
+//! cargo run --example file_info my_file.zip
+//! ```
+//!
+
 use std::fs;
 use std::io::BufReader;
 
-fn main() -> Result<()> {
+fn main() -> Result<(), Box<dyn std::error::Error>> {
     let args: Vec<_> = std::env::args().collect();
     if args.len() < 2 {
-        return Err(anyhow!("Usage: {} <filename>", args[0]));
+        return Err(format!("Usage: {} <filename>", args[0]).into());
     }
     let fname_arg = &args[1];
     // Determine a trusted base directory (current working directory).
-    let base_dir =
-        std::env::current_dir().with_context(|| "Could not determine current directory")?;
+    let base_dir = std::env::current_dir()
+        .map_err(|e| format!("Could not determine current directory: {e}"))?;
     // Construct the path relative to the trusted base directory and canonicalize it.
     let candidate_path = base_dir.join(fname_arg);
     // FIXME: still vulnerable to a Time-of-check to time-of-use (TOCTOU) race condition.
@@ -21,14 +27,12 @@ fn main() -> Result<()> {
     // (which isn't in std).
     let path = candidate_path
         .canonicalize()
-        .with_context(|| format!("Could not open {fname_arg:?}"))?;
-    if !path.starts_with(&base_dir.canonicalize().unwrap_or(base_dir.clone())) {
-        return Err(anyhow!(
-            "Error: refusing to open path outside of base directory: {fname_arg:?}"
-        ));
+        .map_err(|e| format!("Could not open {fname_arg:?}: {e}"))?;
+    if !path.starts_with(base_dir.canonicalize().unwrap_or(base_dir.clone())) {
+        return Err("Error: refusing to open path outside of base directory: {fname_arg:?}".into());
     }
     let mut archive = zip::ZipArchive::new(BufReader::new(fs::File::open(&path)?))
-        .with_context(|| format!("Could not open {fname_arg:?}"))?;
+        .map_err(|e| format!("Could not open {fname_arg:?}: {e}"))?;
     for i in 0..archive.len() {
         let file = archive.by_index(i)?;
         let outpath = match file.enclosed_name() {
diff --git a/examples/update_file_in_archive.rs b/examples/update_file_in_archive.rs
@@ -0,0 +1,92 @@
+// See this dicussion for further background on why it is done like this:
+// https://github.com/zip-rs/zip/discussions/430
+
+use std::io::Write;
+use zip::result::{ZipError, ZipResult};
+use zip::write::SimpleFileOptions;
+
+fn main() -> Result<(), Box<dyn std::error::Error>> {
+    let args: Vec<_> = std::env::args().collect();
+    if args.len() < 3 {
+        return Err(format!(
+            "Usage: {:?} <filename> <file_within_archive_to_update>",
+            args[0]
+        )
+        .into());
+    }
+    let filename = &*args[1];
+    let file_to_update = &*args[2];
+    update_file(filename, file_to_update, false)?;
+    Ok(())
+}
+
+fn update_file(archive_filename: &str, file_to_update: &str, in_place: bool) -> ZipResult<()> {
+    // Validate the archive path:
+    //  - Disallow absolute paths.
+    //  - Disallow parent directory components.
+    //  - Ensure the resolved path stays within the current working directory.
+    let raw_path = std::path::Path::new(archive_filename);
+    if raw_path.is_absolute()
+        || raw_path
+            .components()
+            .any(|c| matches!(c, std::path::Component::ParentDir))
+    {
+        return Err(ZipError::FileNotFound);
+    }
+
+    // Use the current working directory as the base for archives.
+    let base_dir = std::env::current_dir()?;
+    let joined = base_dir.join(raw_path);
+    let archive_path = joined.canonicalize()?;
+    if !archive_path.starts_with(&base_dir) {
+        return Err(ZipError::FileNotFound);
+    }
+
+    let zipfile = std::fs::File::open(&archive_path)?;
+
+    let mut archive = zip::ZipArchive::new(zipfile)?;
+
+    // Open a new, empty archive for writing to
+    let new_filename = replacement_filename(&archive_path)?;
+    let new_file = std::fs::File::create(&new_filename)?;
+    let mut new_archive = zip::ZipWriter::new(new_file);
+
+    // Loop through the original archive:
+    //  - Write the target file from some bytes
+    //  - Copy everything else across as raw, which saves the bother of decoding it
+    // The end effect is to have a new archive, which is a clone of the original,
+    // save for the target file which has been re-written
+    let target: &std::path::Path = file_to_update.as_ref();
+    let new = b"Lorem ipsum";
+    for i in 0..archive.len() {
+        let file = archive.by_index_raw(i)?;
+        match file.enclosed_name() {
+            Some(p) if p == target => {
+                new_archive.start_file(file_to_update, SimpleFileOptions::default())?;
+                new_archive.write_all(new)?;
+                new_archive.flush()?;
+            }
+            _ => new_archive.raw_copy_file(file)?,
+        }
+    }
+    new_archive.finish()?;
+
+    drop(archive);
+
+    // If we're doing this in place then overwrite the original with the new
+    if in_place {
+        std::fs::rename(&new_filename, &archive_path)?;
+    }
+
+    Ok(())
+}
+
+fn replacement_filename(source: &std::path::Path) -> ZipResult<std::path::PathBuf> {
+    let mut new = std::path::PathBuf::from(source);
+    let mut stem = source.file_stem().ok_or(ZipError::FileNotFound)?.to_owned();
+    stem.push("_updated");
+    new.set_file_name(stem);
+    let ext = source.extension().ok_or(ZipError::FileNotFound)?;
+    new.set_extension(ext);
+    Ok(new)
+}
diff --git a/examples/write_dir.rs b/examples/write_dir.rs
@@ -1,4 +1,9 @@
-use anyhow::{anyhow, Result};
+//! Example to write a zip dir
+//!
+//! ```sh
+//! cargo run --example write_dir src/ dest.zip xz
+//! ```
+
 use clap::{Parser, ValueEnum};
 use walkdir::WalkDir;
 use zip::{cfg_if_expr, result::ZipError, write::SimpleFileOptions};
@@ -28,41 +33,46 @@ enum CompressionMethod {
     Zstd,
 }
 
-fn main() -> Result<()> {
+fn main() -> Result<(), Box<dyn std::error::Error>> {
     let args = Args::parse();
     let src_dir = &args.source;
-    let dst_file = &args.destination;
-    let method: Result<zip::CompressionMethod> = match args.compression_method {
-        CompressionMethod::Stored => Ok(zip::CompressionMethod::Stored),
-        CompressionMethod::Deflated => cfg_if_expr! {
-            #[cfg(feature = "_deflate-any")] => Ok(zip::CompressionMethod::Deflated),
-            _ => Err(anyhow!("The `deflate-flate2` features are not enabled")),
-        },
-        CompressionMethod::Bzip2 => cfg_if_expr! {
-            #[cfg(feature = "_bzip2_any")] => Ok(zip::CompressionMethod::Bzip2),
-            _ => Err(anyhow!("The `bzip2` features are not enabled")),
-        },
-        CompressionMethod::Xz => cfg_if_expr! {
-            #[cfg(feature = "xz")] => Ok(zip::CompressionMethod::Xz),
-            _ => Err(anyhow!("The `xz` feature is not enabled")),
-        },
-        CompressionMethod::Zstd => cfg_if_expr! {
-            #[cfg(feature = "zstd")] => Ok(zip::CompressionMethod::Zstd),
-            _ => Err(anyhow!("The `zstd` feature is not enabled")),
-        },
-    };
+    let dest_file = &args.destination;
+    let method: Result<zip::CompressionMethod, Box<dyn std::error::Error>> =
+        match args.compression_method {
+            CompressionMethod::Stored => Ok(zip::CompressionMethod::Stored),
+            CompressionMethod::Deflated => cfg_if_expr! {
+                #[cfg(feature = "_deflate-any")] => Ok(zip::CompressionMethod::Deflated),
+                _ => Err("The `deflate-flate2` features are not enabled".into()),
+            },
+            CompressionMethod::Bzip2 => cfg_if_expr! {
+                #[cfg(feature = "_bzip2_any")] => Ok(zip::CompressionMethod::Bzip2),
+                _ => Err("The `bzip2` features are not enabled".into()),
+            },
+            CompressionMethod::Xz => cfg_if_expr! {
+                #[cfg(feature = "xz")] => Ok(zip::CompressionMethod::Xz),
+                _ => Err("The `xz` feature is not enabled".into()),
+            },
+            CompressionMethod::Zstd => cfg_if_expr! {
+                #[cfg(feature = "zstd")] => Ok(zip::CompressionMethod::Zstd),
+                _ => Err("The `zstd` feature is not enabled".into()),
+            },
+        };
     let method = method?;
-    zip_dir(src_dir, dst_file, method)?;
-    println!("done: {src_dir:?} written to {dst_file:?}");
+    zip_dir(src_dir, dest_file, method)?;
+    println!("done: {src_dir:?} written to {dest_file:?}");
     Ok(())
 }
 
-fn zip_dir(src_dir: &Path, dst_file: &Path, method: zip::CompressionMethod) -> Result<()> {
+fn zip_dir(
+    src_dir: &Path,
+    dest_file: &Path,
+    method: zip::CompressionMethod,
+) -> Result<(), Box<dyn std::error::Error>> {
     if !Path::new(src_dir).is_dir() {
         return Err(ZipError::FileNotFound.into());
     }
 
-    let path = Path::new(dst_file);
+    let path = Path::new(dest_file);
     let file = File::create(path)?;
 
     let walkdir = WalkDir::new(src_dir);
@@ -80,7 +90,7 @@ fn zip_dir(src_dir: &Path, dst_file: &Path, method: zip::CompressionMethod) -> R
         let path_as_string = name
             .to_str()
             .map(str::to_owned)
-            .ok_or_else(|| anyhow!("{name:?} is a Non UTF-8 Path"))?;
+            .ok_or_else(|| format!("{name:?} is a Non UTF-8 Path"))?;
 
         // Write file or directory explicitly
         // Some unzip tools unzip files with directory paths correctly, some do not!
