Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix SafeTarFile symlinks extraction #775

Merged
merged 5 commits into from
Feb 19, 2024
Merged

Fix SafeTarFile symlinks extraction #775

merged 5 commits into from
Feb 19, 2024

Conversation

e3krisztian
Copy link
Contributor

Based on the work of @AndrewFasano in PR #770 this should fix most of the tar symlink extraction problems reported.

Related issue: #769

@e3krisztian e3krisztian force-pushed the safe_tar_symlinks_fix branch from 593d4f1 to ca32156 Compare February 15, 2024 22:29
@e3krisztian e3krisztian requested a review from qkaiser February 15, 2024 22:39
@e3krisztian e3krisztian mentioned this pull request Feb 15, 2024
Closed
qkaiser
qkaiser reviewed Feb 16, 2024
View reviewed changes
Copy link
Contributor

@qkaiser qkaiser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small comment otherwise LGTM. Nice work on tests.

unblob/handlers/archive/_safe_tarfile.py Outdated Show resolved Hide resolved
@e3krisztian e3krisztian marked this pull request as draft February 16, 2024 16:13
@e3krisztian e3krisztian requested a review from qkaiser February 16, 2024 16:13
@e3krisztian e3krisztian force-pushed the safe_tar_symlinks_fix branch from 117aaac to 844e058 Compare February 19, 2024 09:48
@e3krisztian
Copy link
Contributor Author

Rebased for linear history.

qkaiser
qkaiser approved these changes Feb 19, 2024
View reviewed changes
Copy link
Contributor

@qkaiser qkaiser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As agreed, squash before merge.

unblob/handlers/archive/_safe_tarfile.py Show resolved Hide resolved
@qkaiser qkaiser added bug Something isn't working format:archive labels Feb 19, 2024
@e3krisztian e3krisztian force-pushed the safe_tar_symlinks_fix branch from 844e058 to b95225f Compare February 19, 2024 19:35
@e3krisztian e3krisztian marked this pull request as ready for review February 19, 2024 19:36
e3krisztian and others added 5 commits February 19, 2024 20:37
@e3krisztian
fix(tar) properly extract relative symlinks
5bd59b0 
symlinks like

  sbin/halt -> ../bin/busybox

were mistakenly dropped before.

Co-authored-by: Andrew Fasano <[email protected]>
@e3krisztian
fix(tar) absolute symlink extraction
e313904 
Absolute targets were converted before, but it was too simple to
be right other than when the link target was in the same directory.

With this change absolute symlinks like

  /sbin/ls -> /bin/busybox

are converted to

  /sbin/ls -> ../bin/busybox

Co-authored-by: Andrew Fasano <[email protected]>
@e3krisztian
tests(tar) add and update symlink test files
c2b50db 
tests/integration/archive/tar/__input__/symlinks.tar:

test/
|-- bin
|   `-- busybox
`-- sbin
    |-- cp -> /test/bin/busybox
    |-- find -> ../bin/../bin/busybox
    |-- ln -> /test/bin/../bin/busybox
    |-- ls -> ../bin/busybox
    |-- mv -> ../../bin/busybox
    `-- rm -> ../../../bin/busybox

is extracted as

tests/integration/archive/tar/__output__/symlinks.tar_extract/
└── test
    ├── bin
    │   └── busybox
    └── sbin
        ├── cp -> ../bin/busybox
        ├── find -> ../bin/busybox
        ├── ln -> ../bin/busybox
        ├── ls -> ../bin/busybox
        └── mv -> ../../bin/busybox

Please note, that `rm` is missing, as that is a path traversal attempt.

----

The symlinks.tar test file is created with this script in a docker container:

rm -rf /test symlinks.tar

mkdir -p /test/bin
echo binary > /test/bin/busybox
mkdir -p /test/sbin
ln -s ../bin/busybox /test/sbin/ls
ln -s ../bin/../bin/busybox /test/sbin/find
ln -s ../../bin/busybox /test/sbin/mv
ln -s ../../../bin/busybox /test/sbin/rm
ln -s /test/bin/busybox /test/sbin/cp
ln -s /test/bin/../bin/busybox /test/sbin/ln

tar cPf /symlinks.tar /test/
tar tvPf /symlinks.tar
@e3krisztian
test(tar) update existing expectation on extraction of absolute links
839abd6 
Due to the previous absolute-symlink extraction fix, the following
updates are made:

tests/integration/archive/tar/__output__/absolute.tar_extract/absolute/absolute-symlink
- -> absolute/absolute-file
+ -> absolute-file

tests/integration/archive/tar/__output__/absolute.tar_extract/absolute/link_to_etc_shadow
- -> etc/shadow
+ -> ../etc/shadow
@e3krisztian
test(FileSystem) new create_symlink tests
600f166
@e3krisztian e3krisztian force-pushed the safe_tar_symlinks_fix branch from b95225f to 600f166 Compare February 19, 2024 19:37
@e3krisztian e3krisztian merged commit 25687f1 into main Feb 19, 2024
13 checks passed
@e3krisztian e3krisztian deleted the safe_tar_symlinks_fix branch February 19, 2024 19:40
@e3krisztian e3krisztian mentioned this pull request Feb 19, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qkaiser qkaiser qkaiser approved these changes

Assignees

@e3krisztian e3krisztian

Labels
bug Something isn't working format:archive
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@e3krisztian @qkaiser