Adding tarfile member sanitization to extractall()

koi-boy · Oct 29, 2022 · 001bf0b · 001bf0b
1 parent 64bc65a
commit 001bf0b
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/...on/common/onnx_models/onnx-tensorrt/third_party/onnx/onnx/backend/test/runner/__init__.py b/...on/common/onnx_models/onnx-tensorrt/third_party/onnx/onnx/backend/test/runner/__init__.py
@@ -188,7 +188,26 @@ def _download_model(model_test, model_dir, models_dir):  # type: (TestCase, Text
             urlretrieve(model_test.url, download_file.name)
             print('Done')
             with tarfile.open(download_file.name) as t:
-                t.extractall(models_dir)
+                def is_within_directory(directory, target):
+
+                    abs_directory = os.path.abspath(directory)
+                    abs_target = os.path.abspath(target)
+
+                    prefix = os.path.commonprefix([abs_directory, abs_target])
+
+                    return prefix == abs_directory
+
+                def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
+
+                    for member in tar.getmembers():
+                        member_path = os.path.join(path, member.name)
+                        if not is_within_directory(path, member_path):
+                            raise Exception("Attempted Path Traversal in Tar File")
+
+                    tar.extractall(path, members, numeric_owner=numeric_owner) 
+
+
+                safe_extract(t, models_dir)
         except Exception as e:
             print('Failed to prepare data for model {}: {}'.format(
                 model_test.model_name, e))