[Buildroot] [PATCH] utils/scanpypi: protect against zip-slip vulnerability in zip/tar handling
Peter Korsgaard
peter at korsgaard.com
Tue Feb 12 20:45:38 UTC 2019
>>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:
Hi,
> As I said on IRC: I would really prefer if we could reject archive that
> do have paths merely containing /../ components, because those are
> already fishy, even if they still point in-tree, e.g. foo/../bar is
> still technically OK, but why the heck would it be constructed that way
> to begin with? Normal archivers do not do that.
Agreed, but that code seems somewhat more complicated to me, and I
wanted the simplest possible solution.
> But making the path canonical with relpath() is already better than the
> current situation, so:
> Reviewed-by: "Yann E. MORIN" <yann.morin.1998 at free.fr>
> Yet, a little tiny comment, below:
>> + if evil:
>> + print('ERROR: Refusing to extract {} with suspicious members {}'.format(
>> + self.filename, evil))
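Review bot: the quoted lines only show the error being printed; nothing visible here returns, raises or exits after the print, so make sure the `if evil:` branch actually aborts the extraction (a bare `return` or `sys.exit(1)` right after the print) rather than logging the refusal and then falling through to extract anyway. Sending the message to stderr, as noted above, would also keep it out of any stdout that gets parsed.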
> I would have sent that to stderr: print(..., file=sys.stderr)
Correct, but scanpypi sends (almost all) error messages to stdout, so I
kept it like this for consistency.
--
Bye, Peter Korsgaard
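The two checks argued about in this thread, as an added example that is not the scanpypi code from the patch: a canonicalising check in the spirit of the relpath() approach (flag members that resolve outside the extraction directory), and the stricter rule Yann asked for (refuse any `..` component at all, even an in-tree `foo/../bar`). The archives and member names are constructed inline for the demonstration; the function names and the tar symlink handling are my own additions, not anything in the patch.

```python
"""Zip-slip member checks for zip and tar archives (added example, not scanpypi's code)."""
import io
import posixpath
import tarfile
import zipfile


def _normalise(name):
    # Archive member names are POSIX-style, but hostile archives may carry
    # backslashes, which a Windows extractor treats as separators.
    return name.replace("\\", "/")


def escapes_tree(name):
    """Canonicalising check: does the member resolve outside the extraction dir?

    Absolute names are rejected outright; otherwise the name is normalised and
    anything that still begins with '..' escapes the tree. 'foo/../bar' passes.
    """
    name = _normalise(name)
    if name.startswith("/"):
        return True
    norm = posixpath.normpath(name)
    return norm == ".." or norm.startswith("../")


def has_dotdot_component(name):
    """Stricter rule: refuse any '..' component, in-tree or not.

    Normal archivers never emit such names, so their presence is suspicious
    on its own (Yann's argument in the thread).
    """
    return ".." in _normalise(name).split("/")


def suspicious_members(names, strict=False):
    """Return the member names that should make us refuse the archive."""
    if strict:
        return [n for n in names if escapes_tree(n) or has_dotdot_component(n)]
    return [n for n in names if escapes_tree(n)]


def zip_members(data):
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def tar_members(data):
    """Member names plus link targets: a symlink whose target leaves the tree
    is a second zip-slip vector, because later members can write through it."""
    names = []
    with tarfile.open(fileobj=io.BytesIO(data)) as tf:
        for m in tf.getmembers():
            names.append(m.name)
            if m.issym():
                # Symlink targets are relative to the link's own directory.
                names.append(posixpath.join(posixpath.dirname(m.name), m.linkname))
            elif m.islnk():
                # Hard link targets are relative to the archive root.
                names.append(m.linkname)
    return names


def build_zip(names):
    # Constructed test archive: Python happily writes '../' member names.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"x")
    return buf.getvalue()


def build_tar(names, symlinks=()):
    # Constructed test archive with regular files and symlinks.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for n in names:
            info = tarfile.TarInfo(n)
            info.size = 1
            tf.addfile(info, io.BytesIO(b"x"))
        for n, target in symlinks:
            info = tarfile.TarInfo(n)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tf.addfile(info)
    return buf.getvalue()


# Constructed sample member names covering the cases discussed in the thread.
SAMPLE_NAMES = ["pkg/setup.py", "pkg/./README", "foo/../bar",
                "../../etc/passwd", "/etc/cron.d/evil", "a\\..\\..\\x"]


def demo():
    """Run both checks over a constructed zip and a constructed tar."""
    zip_bad = suspicious_members(zip_members(build_zip(SAMPLE_NAMES)))
    tar_data = build_tar(["pkg/setup.py", "../escape.txt"],
                         symlinks=[("pkg/link", "../../../../etc/passwd"),
                                   ("pkg/inner", "setup.py")])
    tar_bad = suspicious_members(tar_members(tar_data))
    strict_bad = suspicious_members(SAMPLE_NAMES, strict=True)
    return {"zip": zip_bad, "tar": tar_bad, "strict": strict_bad}


if __name__ == "__main__":
    for kind, bad in demo().items():
        if bad:
            print("ERROR: Refusing to extract {} archive with suspicious members {}".format(kind, bad))
```

The difference between the two modes is exactly the `foo/../bar` case: the canonicalising check lets it through, the strict check refuses it. Whichever is chosen, the refusal has to abort extraction rather than just print, and for tarballs the link targets need the same scrutiny as the member names.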