See: https://github.com/astral-sh/ruff/issues/1646. Bandit origin: https://github.com/PyCQA/bandit/blob/main/bandit/plugins/tarfile_unsafe_members.py
import sys
import tarfile
import tempfile
def unsafe_archive_handler(filename):
|
|
tar = tarfile.open(filename)
|
|
tar.extractall(path=tempfile.mkdtemp())
|
|
tar.close()
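def managed_members_archive_handler(filename):
    """Extract ``filename`` into a fresh temp dir, keeping only the members ``members_filter`` accepts.

    ``members_filter`` (defined later in this file) is a hand-rolled allow-list
    that drops entries whose name or link target would escape the destination.
    A name-based allow-list cannot cover everything the standard library's
    extraction filters do (ownership, mode bits, special files), so
    ``filter="data"`` is passed as well and acts as a second line of defence;
    the archive is closed on every path via ``with``.

    Args:
        filename: path to the tar archive.

    Returns:
        The temporary directory the surviving members were extracted into
        (the original returned ``None``); the caller owns it.

    Raises:
        tarfile.FilterError: a member got past ``members_filter`` but was
            refused by the ``data`` filter.
        tarfile.TarError, OSError: unreadable archive or failed extraction.
        TypeError: on interpreters without the ``filter=`` keyword.
    """
    dest = tempfile.mkdtemp()
    with tarfile.open(filename) as tar:
        # Filter first, then extract: members_filter walks getmembers() and
        # returns the subset it considers safe.
        safe_members = members_filter(tar)
        tar.extractall(path=dest, members=safe_members, filter="data")
    return dest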
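def list_members_archive_handler(filename):
    """Open ``filename`` and run ``extractall`` with an empty member list.

    Nothing is written apart from the empty temporary directory: an empty
    ``members`` sequence means no entry is extracted.  The archive header is
    still parsed, so an unreadable file raises.  The only change from the
    original is that the archive is closed via ``with`` even when opening or
    extraction raises, and the destination is returned.  No ``filter=`` is
    passed because there are no members for it to act on.

    Args:
        filename: path to the tar archive.

    Returns:
        The (empty) temporary directory that was created (the original
        returned ``None``); the caller owns it.

    Raises:
        tarfile.TarError, OSError: the archive cannot be opened or read.
    """
    dest = tempfile.mkdtemp()
    with tarfile.open(filename) as tar:
        tar.extractall(path=dest, members=[])
    return dest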
def provided_members_archive_handler(filename):
|
|
tar = tarfile.open(filename)
|
|
tarfile.extractall(path=tempfile.mkdtemp(), members=tar)
|
|
tar.close()
def filter_data(filename):
|
|
tar = tarfile.open(filename)
|
|
tarfile.extractall(path=tempfile.mkdtemp(), filter="data")
|
|
tar.close()
def filter_fully_trusted(filename):
|
|
tar = tarfile.open(filename)
|
|
tarfile.extractall(path=tempfile.mkdtemp(), filter="fully_trusted")
|
|
tar.close()
def filter_tar(filename):
|
|
tar = tarfile.open(filename)
|
|
tarfile.extractall(path=tempfile.mkdtemp(), filter="tar")
|
|
tar.close()
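def members_filter(tarfile):
    """Return the members of ``tarfile`` that are safe to extract under a destination directory.

    The parameter is named ``tarfile`` in the original and shadows the module
    inside this function; it may be passed by keyword, so the name is kept.
    Only ``getmembers()`` is used on it.

    A member is dropped (with a message on stdout, as before) when:

    * its name is absolute or any path component is ``..``.  The original
      searched for the substring ``'../'`` only, which misses ``/etc/passwd``
      and ``dir/..`` while the archive still escapes the destination;
    * it is a symlink or hard link whose target is absolute or contains a
      ``..`` component.  A hard-link target is relative to the archive root
      and a symlink target to the link's own directory, so either form can
      point outside the tree; the original again only checked for ``'../'``;
    * it is a character/block device or FIFO.  Extracting those creates
      device nodes / named pipes, which a data archive never needs.

    This is a conservative allow-list: ``a/../b`` is rejected even though it
    normalises to a path inside the tree.  Prefer
    ``extractall(..., filter="data")`` where the interpreter supports it;
    this helper exists for the ``members=`` form and older runtimes.

    Args:
        tarfile: an open ``TarFile`` (anything with ``getmembers()``).

    Returns:
        A new list with the accepted ``TarInfo`` objects, in archive order.
    """

    def _escapes(path):
        # Absolute, or any ".." path component -- not merely the "../" substring.
        return path.startswith("/") or ".." in path.split("/")

    result = []
    for member in tarfile.getmembers():
        if _escapes(member.name):
            print('Member name contains directory traversal sequence')
            continue
        elif (member.issym() or member.islnk()) and _escapes(member.linkname):
            print('Symlink to external resource')
            continue
        elif member.isdev():
            print('Device or FIFO member skipped')
            continue
        result.append(member)
    return result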
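if __name__ == "__main__":
    # Usage: python <this file> <archive.tar>
    # Runs the unfiltered handler and then the members_filter-based one on
    # the same archive, as the original did.
    if len(sys.argv) > 1:
        filename = sys.argv[1]
        unsafe_archive_handler(filename)
        managed_members_archive_handler(filename)
    else:
        # The original exited silently with status 0 when no archive was
        # given; report the usage and exit non-zero so callers notice.
        print(f"usage: {sys.argv[0]} <archive.tar>", file=sys.stderr)
        sys.exit(2)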