improve file validation before upload, make sure we are dealing with zip based files

Author: jochen-testingbot

src/providers/espresso.ts

@@ -165,6 +165,7 @@ export default class Espresso extends BaseProvider<EspressoOptions> {
       credentials: this.credentials,
       contentType: 'application/vnd.android.package-archive',
       showProgress: !this.options.quiet,
+      validateZipFormat: true,
     });
 
     this.appId = result.id;
@@ -178,6 +179,7 @@ export default class Espresso extends BaseProvider<EspressoOptions> {
       credentials: this.credentials,
       contentType: 'application/vnd.android.package-archive',
       showProgress: !this.options.quiet,
+      validateZipFormat: true,
     });
 
     return true;

src/providers/maestro.ts

@@ -287,6 +287,7 @@ export default class Maestro extends BaseProvider<MaestroOptions> {
       credentials: this.credentials,
       contentType,
       showProgress: !this.options.quiet,
+      validateZipFormat: true,
     });
 
     this.appId = result.id;
@@ -346,6 +347,7 @@ export default class Maestro extends BaseProvider<MaestroOptions> {
           credentials: this.credentials,
           contentType: 'application/zip',
           showProgress: !this.options.quiet,
+          validateZipFormat: true,
         });
         return true;
       }

src/providers/xcuitest.ts

@@ -165,6 +165,7 @@ export default class XCUITest extends BaseProvider<XCUITestOptions> {
       credentials: this.credentials,
       contentType: 'application/octet-stream',
       showProgress: !this.options.quiet,
+      validateZipFormat: true,
     });
 
     this.appId = result.id;
@@ -178,6 +179,7 @@ export default class XCUITest extends BaseProvider<XCUITestOptions> {
       credentials: this.credentials,
       contentType: 'application/zip',
       showProgress: !this.options.quiet,
+      validateZipFormat: true,
     });
 
     return true;

src/upload.ts

@@ -21,6 +21,8 @@ export interface UploadOptions {
   contentType: ContentType;
   showProgress?: boolean;
   checksum?: string;
+  /** Validate that the file is a valid zip-based archive (APK, IPA, ZIP) */
+  validateZipFormat?: boolean;
 }
 
 export interface UploadResult {
@@ -33,6 +35,10 @@ export default class Upload {
 
     await this.validateFile(filePath);
 
+    if (options.validateZipFormat) {
+      await this.validateZipFormat(filePath);
+    }
+
     const fileName = path.basename(filePath);
     const fileStats = await fs.promises.stat(filePath);
     const totalSize = fileStats.size;
@@ -112,6 +118,14 @@ export default class Upload {
         throw error;
       }
       if (axios.isAxiosError(error)) {
+        // Handle 400 errors specifically for file uploads
+        if (error.response?.status === 400) {
+          const serverMessage = this.extractErrorMessage(error.response.data);
+          throw new TestingBotError(
+            `Upload rejected: ${serverMessage || 'The file was not accepted by the server'}`,
+            { cause: error },
+          );
+        }
         throw handleAxiosError(error, 'Upload failed');
       }
       throw new TestingBotError(
@@ -161,6 +175,57 @@ export default class Upload {
     }
   }
 
+  /**
+   * Validate that the file is a valid zip-based archive.
+   * ZIP, APK, IPA files all start with the ZIP magic bytes (PK\x03\x04).
+   */
+  private async validateZipFormat(filePath: string): Promise<void> {
+    const ZIP_MAGIC_BYTES = Buffer.from([0x50, 0x4b, 0x03, 0x04]); // PK\x03\x04
+
+    const fd = await fs.promises.open(filePath, 'r');
+    try {
+      const buffer = Buffer.alloc(4);
+      const { bytesRead } = await fd.read(buffer, 0, 4, 0);
+
+      if (bytesRead < 4 || !buffer.subarray(0, 4).equals(ZIP_MAGIC_BYTES)) {
+        const fileName = path.basename(filePath);
+        const ext = path.extname(filePath).toLowerCase();
+        throw new TestingBotError(
+          `Invalid file format: "${fileName}" is not a valid ${ext || 'archive'} file. ` +
+            `The file does not appear to be a valid zip-based archive (APK, IPA, or ZIP).`,
+        );
+      }
+    } finally {
+      await fd.close();
+    }
+  }
+
+  /**
+   * Extract error message from server response data
+   */
+  private extractErrorMessage(data: unknown): string | undefined {
+    if (!data) return undefined;
+
+    if (typeof data === 'string') {
+      try {
+        const parsed = JSON.parse(data);
+        return parsed.message || parsed.error || parsed.errors || data;
+      } catch {
+        return data;
+      }
+    }
+
+    if (typeof data === 'object') {
+      const obj = data as Record<string, unknown>;
+      if (typeof obj.message === 'string') return obj.message;
+      if (typeof obj.error === 'string') return obj.error;
+      if (typeof obj.errors === 'string') return obj.errors;
+      if (Array.isArray(obj.errors)) return obj.errors.join(', ');
+    }
+
+    return undefined;
+  }
+
   /**
    * Calculate MD5 checksum of a file, returning base64-encoded result
    * This matches ActiveStorage's checksum format

tests/providers/espresso.test.ts

@@ -35,6 +35,7 @@ jest.mock('node:fs', () => ({
     stat: jest.fn(),
     mkdir: jest.fn(),
     writeFile: jest.fn(),
+    open: jest.fn(),
   },
 }));
 
@@ -48,9 +49,25 @@ describe('Espresso', () => {
     'Pixel 6',
   );
 
+  // Helper to create a mock file handle for zip validation
+  const createMockFileHandle = () => ({
+    read: jest.fn().mockImplementation((buffer: Buffer) => {
+      // Write valid ZIP magic bytes (PK\x03\x04) to the provided buffer
+      const zipMagic = Buffer.from([0x50, 0x4b, 0x03, 0x04]);
+      zipMagic.copy(buffer, 0, 0, 4);
+      return Promise.resolve({ bytesRead: 4, buffer });
+    }),
+    close: jest.fn().mockResolvedValue(undefined),
+  });
+
   beforeEach(() => {
     espresso = new Espresso(mockCredentials, mockOptions);
     jest.clearAllMocks();
+
+    // Default mock for fs.promises.open - returns valid zip magic bytes
+    fs.promises.open = jest
+      .fn()
+      .mockResolvedValue(createMockFileHandle() as unknown as fs.promises.FileHandle);
   });
 
   describe('Validation', () => {

tests/providers/maestro.test.ts

@@ -60,6 +60,7 @@ jest.mock('node:fs', () => ({
     unlink: jest.fn(),
     mkdir: jest.fn(),
     writeFile: jest.fn(),
+    open: jest.fn(),
   },
   createWriteStream: jest.fn(() => ({
     on: jest.fn((event, cb) => {
@@ -81,9 +82,25 @@ describe('Maestro', () => {
     'Pixel 6',
   );
 
+  // Helper to create a mock file handle for zip validation
+  const createMockFileHandle = () => ({
+    read: jest.fn().mockImplementation((buffer: Buffer) => {
+      // Write valid ZIP magic bytes (PK\x03\x04) to the provided buffer
+      const zipMagic = Buffer.from([0x50, 0x4b, 0x03, 0x04]);
+      zipMagic.copy(buffer, 0, 0, 4);
+      return Promise.resolve({ bytesRead: 4, buffer });
+    }),
+    close: jest.fn().mockResolvedValue(undefined),
+  });
+
   beforeEach(() => {
     maestro = new Maestro(mockCredentials, mockOptions);
     jest.clearAllMocks();
+
+    // Default mock for fs.promises.open - returns valid zip magic bytes
+    fs.promises.open = jest
+      .fn()
+      .mockResolvedValue(createMockFileHandle() as unknown as fs.promises.FileHandle);
   });
 
   describe('Validation', () => {

tests/providers/xcuitest.test.ts

@@ -35,6 +35,7 @@ jest.mock('node:fs', () => ({
     stat: jest.fn(),
     mkdir: jest.fn(),
     writeFile: jest.fn(),
+    open: jest.fn(),
   },
 }));
 
@@ -48,9 +49,25 @@ describe('XCUITest', () => {
     'iPhone 15',
   );
 
+  // Helper to create a mock file handle for zip validation
+  const createMockFileHandle = () => ({
+    read: jest.fn().mockImplementation((buffer: Buffer) => {
+      // Write valid ZIP magic bytes (PK\x03\x04) to the provided buffer
+      const zipMagic = Buffer.from([0x50, 0x4b, 0x03, 0x04]);
+      zipMagic.copy(buffer, 0, 0, 4);
+      return Promise.resolve({ bytesRead: 4, buffer });
+    }),
+    close: jest.fn().mockResolvedValue(undefined),
+  });
+
   beforeEach(() => {
     xcuiTest = new XCUITest(mockCredentials, mockOptions);
     jest.clearAllMocks();
+
+    // Default mock for fs.promises.open - returns valid zip magic bytes
+    fs.promises.open = jest
+      .fn()
+      .mockResolvedValue(createMockFileHandle() as unknown as fs.promises.FileHandle);
   });
 
   describe('Validation', () => {