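def sanitize_tarinfo(tarinfo: tarfile.TarInfo) -> bool:
    """Return True if *tarinfo* can be extracted under a root without escaping it.

    A member is rejected (False, with a warning logged) when its name is absolute
    or, once ``..`` components are resolved, leaves the extraction directory, or
    when it is a symlink/hard link whose target does likewise.

    The previous version built the check on ``Path.joinpath`` / ``relative_to``,
    which never collapse ``..``: a name such as ``a/../../x`` was accepted and
    would extract outside the root. Normalising the relative name first and then
    refusing anything that starts with ``..`` closes that gap.

    Link targets are interpreted the way ``tarfile`` extracts them: a symlink
    target is relative to the link's own directory, a hard-link target is
    relative to the archive root (``tarfile`` joins it to the extraction path),
    so the two are checked against different bases.

    This is a lexical check only; it does not detect a later member that
    traverses through an earlier, in-tree symlink. Where the runtime provides
    ``tarfile.data_filter`` (3.12+, backported to older releases), prefer that.
    """
    import logging
    import os

    log = logging.getLogger(__name__)

    def _stays_inside(relative: str) -> bool:
        # Resolve '.' and '..' lexically (no filesystem access), then refuse
        # anything absolute, drive-qualified, or still starting with '..'.
        resolved = os.path.normpath(relative)
        if os.path.isabs(resolved) or os.path.splitdrive(resolved)[0]:
            return False
        # A rooted-but-driveless path ('\\x') is not always reported absolute
        # on Windows, so treat any leading separator as an escape as well.
        if resolved[:1] in ("/", "\\"):
            return False
        first_component = resolved.split(os.sep, 1)[0]
        return first_component != os.pardir

    name = tarinfo.name
    if not _stays_inside(name):
        log.warning("Unsafe path %s", name)
        return False

    if tarinfo.issym():
        # Symlink targets resolve relative to the directory holding the link.
        target = os.path.join(os.path.dirname(name), tarinfo.linkname)
        if not _stays_inside(target):
            log.warning("Unsafe path %s", name)
            return False
    elif tarinfo.islnk():
        # Hard-link targets are archive-root-relative, so check them as-is
        # rather than under the member's directory.
        if not _stays_inside(tarinfo.linkname):
            log.warning("Unsafe path %s", name)
            return False

    return True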
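def _is_file_type_forbidden(tarinfo: tarfile.TarInfo) -> bool:
    """Return True for member types that must not be extracted.

    Forbidden: symbolic links, hard links and device-like entries (character
    and block devices, FIFOs). Regular files and directories are allowed.

    ``isdev()`` already covers ``ischr()``, ``isblk()`` and ``isfifo()``, and the
    old predicate listed ``islnk()`` twice, so the chain is reduced to the three
    distinct checks; the accepted/rejected sets are unchanged.
    """
    return tarinfo.issym() or tarinfo.islnk() or tarinfo.isdev()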
def _member_is_safe(member: tarfile.TarInfo) -> bool:
    """Return True if the member is a plain (non-sparse) file, a directory, or a link.

    Regular files are accepted only when they carry no GNU sparse map
    (``member.sparse`` is None). Device nodes and FIFOs are rejected. Note that
    symlinks and hard links pass this type check without their target being
    examined; path containment of the link target must be enforced separately.
    """
    if not member.isfile():
        allowed_kinds = (member.isdir, member.issym, member.islnk)
        return any(is_kind() for is_kind in allowed_kinds)
    # Sparse files need special reassembly; refuse them rather than mis-extract.
    return getattr(member, 'sparse', None) is None
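def strip_prefix(self, prefix: str, member: tarfile.TarInfo) -> None:
    """Remove *prefix* from the member's name, and from a hard link's target, in place.

    Both rewrites go through ``self.strip_slash`` (defined elsewhere in the
    class). Hard-link targets are archive-root-relative, so they carry the same
    leading prefix as every other member name and must be rewritten with it.
    Symlink targets are relative to the link's own directory and are left
    untouched. ``islnk()`` and ``issym()`` are mutually exclusive type checks,
    so the former ``and not member.issym()`` guard was redundant and is dropped.
    """
    member.name = self.strip_slash(prefix, member.name)
    if member.islnk():
        member.linkname = self.strip_slash(prefix, member.linkname)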
def _member_is_safe(member: tarfile.TarInfo) -> bool:
    """Return True if the member is a regular file, directory, symlink or hard link.

    Device nodes and FIFOs are rejected. This is a type check only: link targets
    are not inspected here, so path containment of ``linkname`` must be enforced
    by a separate check before extraction.
    """
    permitted_kinds = (member.isfile, member.isdir, member.issym, member.islnk)
    return any(is_kind() for is_kind in permitted_kinds)