quay/util/safetar.py

import os.path
import logging
import copy
import operator


logger = logging.getLogger(__name__)


def safe_extractall(tar, path):
  """Extract all members from the archive to the current working
     directory and set owner, modification time and permissions on
     directories afterwards. `path' specifies a different directory
     to extract to. `members' is optional and must be a subset of the
     list returned by getmembers().
  """
  abs_extract_path = os.path.abspath(path)
  def is_member_safe(member):
    """ Returns True if the member is safe, False otherwise. """
    if member.issym():
      link_tar_path = os.path.dirname(member.path)
      abs_link_path = os.path.abspath(os.path.join(path, link_tar_path, member.linkpath))
      if not abs_link_path.startswith(abs_extract_path):
        logger.warning('Filtering symlink outside of extract dir: %s', member.linkpath)
        return False
    elif member.isblk():
      logger.warning('Filtering block device from tarfile: %s', member.path)
      return False

    return True

  directories = []

  for tarinfo in tar:
    if is_member_safe(tarinfo):
      if tarinfo.isdir():
        # Extract directories with a safe mode.
        directories.append(tarinfo)
        tarinfo = copy.copy(tarinfo)
        tarinfo.mode = 0700
      tar.extract(tarinfo, path)

  # Reverse sort directories.
  directories.sort(key=operator.attrgetter('name'))
  directories.reverse()

  # Set correct owner, mtime and filemode on directories.
  for tarinfo in directories:
    dirpath = os.path.join(path, tarinfo.name)
    tar.chown(tarinfo, dirpath)
    tar.utime(tarinfo, dirpath)
    tar.chmod(tarinfo, dirpath)
Use safer tar extraction. Handle error messages in the build process more intelligently. 2014-04-01 17:46:41 +00:00			`import os.path`
			`import logging`
			`import copy`
			`import operator`


			`logger = logging.getLogger(__name__)`


			`def safe_extractall(tar, path):`
			`"""Extract all members from the archive to the current working`
			`directory and set owner, modification time and permissions on`
			directories afterwards. `path' specifies a different directory
			to extract to. `members' is optional and must be a subset of the
			`list returned by getmembers().`
			`"""`
			`abs_extract_path = os.path.abspath(path)`
			`def is_member_safe(member):`
			`""" Returns True if the member is safe, False otherwise. """`
			`if member.issym():`
			`link_tar_path = os.path.dirname(member.path)`
			`abs_link_path = os.path.abspath(os.path.join(path, link_tar_path, member.linkpath))`
			`if not abs_link_path.startswith(abs_extract_path):`
			`logger.warning('Filtering symlink outside of extract dir: %s', member.linkpath)`
			`return False`
			`elif member.isblk():`
			`logger.warning('Filtering block device from tarfile: %s', member.path)`
			`return False`

			`return True`

			`directories = []`

			`for tarinfo in tar:`
			`if is_member_safe(tarinfo):`
			`if tarinfo.isdir():`
			`# Extract directories with a safe mode.`
			`directories.append(tarinfo)`
			`tarinfo = copy.copy(tarinfo)`
			`tarinfo.mode = 0700`
			`tar.extract(tarinfo, path)`

			`# Reverse sort directories.`
			`directories.sort(key=operator.attrgetter('name'))`
			`directories.reverse()`

			`# Set correct owner, mtime and filemode on directories.`
			`for tarinfo in directories:`
			`dirpath = os.path.join(path, tarinfo.name)`
			`tar.chown(tarinfo, dirpath)`
			`tar.utime(tarinfo, dirpath)`
			`tar.chmod(tarinfo, dirpath)`