2cff482
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
78 - archive.extractall

78 + def is_within_directory(directory, target):
79 +
80 +    abs_directory = os.path.abspath(directory)
81 +    abs_target = os.path.abspath(target)
82 +    
83 +    prefix = os.path.commonprefix([abs_directory, abs_target])
84 +    
85 +    return prefix == abs_directory
86 +    
87 + def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
88 + 
89 +    for member in tar.getmembers():
90 +       member_path = os.path.join(path, member.name)
91 +       if not is_within_directory(path, member_path):
92 +          raise Exception("Attempted Path Traversal in Tar File")
93 +       
94 +    tar.extractall(path, members, numeric_owner=numeric_owner) 
95 +       
96 +       
97 + safe_extract(archive, tempdir)