cmd/go: fix detection of unexpected files in downloaded zips

A bug in the old code was indirectly causing a confusing print, but CL 131635 fixed the print instead of the surrounding code. Fix the surrounding code, restore the old print, and test that the error is actually reported (it was being ignored in a direct go get but displaying in go build). Change-Id: I03c21380fce481060c443b0cc820f3617497fdd9 Reviewed-on: https://go-review.googlesource.com/c/149317Reviewed-by: Bryan C. Mills <bcmills@google.com>

cmd/go: fix detection of unexpected files in downloaded zips
A bug in the old code was indirectly causing a confusing print, but CL 131635 fixed the print instead of the surrounding code. Fix the surrounding code, restore the old print, and test that the error is actually reported (it was being ignored in a direct go get but displaying in go build). Change-Id: I03c21380fce481060c443b0cc820f3617497fdd9 Reviewed-on: https://go-review.googlesource.com/c/149317Reviewed-by: Bryan C. Mills <bcmills@google.com>
f53a9868 · Russ Cox · 69010963 · f53a9868 · f53a9868 · f53a9868
Commit f53a9868 authored Nov 13, 2018 by Russ Cox
5 changed files
--- a/src/cmd/go/internal/modfetch/fetch.go
+++ b/src/cmd/go/internal/modfetch/fetch.go
@@ -119,11 +119,11 @@ func downloadZip(mod module.Version, target string) error {
 	if err != nil {
 		return err
 	}
-	prefix := mod.Path + "@" + mod.Version
+	prefix := mod.Path + "@" + mod.Version + "/"
 	for _, f := range z.File {
 		if !strings.HasPrefix(f.Name, prefix) {
 			z.Close()
-			return fmt.Errorf("zip for %s has unexpected file %s", prefix, f.Name)
+			return fmt.Errorf("zip for %s has unexpected file %s", prefix[:len(prefix)-1], f.Name)
 		}
 	}
 	z.Close()

--- a/src/cmd/go/internal/modget/get.go
+++ b/src/cmd/go/internal/modget/get.go
@@ -534,9 +534,11 @@ func runGet(cmd *base.Command, args []string) {
 					// module root.
 					continue
 				}
+				base.Errorf("%s", p.Error)
 			}
 			todo = append(todo, p)
 		}
+		base.ExitIfErrors()
 		// If -d was specified, we're done after the download: no build.
 		// (The load.PackagesAndErrors is what did the download

--- a/src/cmd/go/proxy_test.go
+++ b/src/cmd/go/proxy_test.go
@@ -197,7 +197,13 @@ func proxyHandler(w http.ResponseWriter, r *http.Request) {
 				if strings.HasPrefix(f.Name, ".") {
 					continue
 				}
-				zf, err := z.Create(path + "@" + vers + "/" + f.Name)
+				var zipName string
+				if strings.HasPrefix(f.Name, "/") {
+					zipName = f.Name[1:]
+				} else {
+					zipName = path + "@" + vers + "/" + f.Name
+				}
+				zf, err := z.Create(zipName)
 				if err != nil {
 					return cached{nil, err}
 				}

--- a/src/cmd/go/testdata/mod/rsc.io_badzip_v1.0.0.txt
+++ b/src/cmd/go/testdata/mod/rsc.io_badzip_v1.0.0.txt
+rsc.io/badzip v1.0.0
+written by hand
+-- .mod --
+module rsc.io/badzip
+-- .info --
+{"Version":"v1.0.0"}
+-- x.go --
+package x
+-- /rsc.io/badzip@v1.0.0.txt --
+This file should not be here.
--- a/src/cmd/go/testdata/script/mod_load_badzip.txt
+++ b/src/cmd/go/testdata/script/mod_load_badzip.txt
+# Zip files with unexpected file names inside should be rejected.
+env GO111MODULE=on
+! go get -d rsc.io/badzip
+stderr 'zip for rsc.io/badzip@v1.0.0 has unexpected file rsc.io/badzip@v1.0.0.txt'
+! go build rsc.io/badzip
+stderr 'zip for rsc.io/badzip@v1.0.0 has unexpected file rsc.io/badzip@v1.0.0.txt'
+-- go.mod --
+module m