Migrate TestCoreZipslip from test_core.py to core_test.go

Author: MatteoPologruto

internal/integrationtest/core/core_test.go

@@ -345,3 +345,17 @@ func TestCoreUninstallToolDependencyRemoval(t *testing.T) {
 	// The tool arduino:avrdude@6.3.0-arduino17 that is only a dep of arduino:avr should have been removed
 	require.False(t, avrDudeBinariesPath.Join("avrdude").Exist() || avrDudeBinariesPath.Join("avrdude.exe").Exist())
 }
+
+func TestCoreZipslip(t *testing.T) {
+	env, cli := integrationtest.CreateArduinoCLIWithEnvironment(t)
+	defer env.CleanUp()
+
+	url := "https://raw.githubusercontent.com/arduino/arduino-cli/master/test/testdata/test_index.json"
+	_, _, err := cli.Run("core", "update-index", "--additional-urls="+url)
+	require.NoError(t, err)
+
+	// Install a core and check if malicious content has been extracted.
+	_, _, err = cli.Run("core", "install", "zipslip:x86", "--additional-urls="+url)
+	require.Error(t, err)
+	require.NoFileExists(t, paths.TempDir().Join("evil.txt").String())
+}

test/test_core.py

@@ -47,15 +47,6 @@ def test_core_install_esp32(run_command, data_dir):
     assert (build_dir / f"{sketch_name}.ino.partitions.bin").exists()
 
 
-def test_core_zipslip(run_command):
-    url = "https://raw.githubusercontent.com/arduino/arduino-cli/master/test/testdata/test_index.json"
-    assert run_command(["core", "update-index", f"--additional-urls={url}"])
-
-    # Install a core and check if malicious content has been extracted.
-    run_command(["core", "install", "zipslip:x86", f"--additional-urls={url}"])
-    assert os.path.exists("/tmp/evil.txt") is False
-
-
 def test_core_broken_install(run_command):
     url = "https://raw.githubusercontent.com/arduino/arduino-cli/master/test/testdata/test_index.json"
     assert run_command(["core", "update-index", f"--additional-urls={url}"])