def VerifySafeArchive(archive): def ResolvePath(path_name): return os.path.realpath(os.path.abspath(path_name)) # Must add pathsep to avoid false positives. # Ex: /tmp/abc/bad_file.py starts with /tmp/a but not /tmp/a/ base_path = ResolvePath(os.getcwd()) + os.path.sep for member in archive.namelist(): if not ResolvePath(os.path.join(base_path, member)).startswith(base_path): raise exceptions.ArchiveError( 'Archive %s contains a bad member: %s.' % (archive.filename, member))
def GetUnzippedPath(self): if self.ShouldUnzipArchive(): # TODO(aiolos): Replace UnzipFile with zipfile.extractall once python # version 2.7.4 or later can safely be assumed. dependency_manager_util.UnzipArchive(self._archive_file, self._unzip_path) if self.ShouldUnzipArchive(): raise exceptions.ArchiveError( "Expected path '%s' was not extracted from archive '%s'." % (self._dependency_path, self._archive_file)) return self._dependency_path
def GetUnzippedPath(self): if self.ShouldUnzipArchive(): # Remove stale unzip results if self._stale_unzip_path_glob: for path in glob.glob(self._stale_unzip_path_glob): shutil.rmtree(path, ignore_errors=True) # TODO(aiolos): Replace UnzipFile with zipfile.extractall once python # version 2.7.4 or later can safely be assumed. dependency_manager_util.UnzipArchive(self._archive_file, self._unzip_path) if self.ShouldUnzipArchive(): raise exceptions.ArchiveError( "Expected path '%s' was not extracted from archive '%s'." % (self._dependency_path, self._archive_file)) return self._dependency_path
def ShouldUnzipArchive(self): if not self._has_minimum_data: raise exceptions.ArchiveError( 'Missing needed info to unzip archive. Known data: %s', self.data_string) return not os.path.exists(self._dependency_path)