From 22b540d0658e7608d8695c68925e91174538bdb5 Mon Sep 17 00:00:00 2001
From: Aaron Gable
Date: Mon, 12 Feb 2018 09:55:09 -0800
Subject: [PATCH] download_from_google_storage: allow normal files with ..
Although we want to prevent dfgs from untar'ing files to a parent or sibling of its target directory, normal files that just happen to have ".." in their name (i.e. not preceding a path separator) are okay.
R=hinoka
Bug: 807286
Change-Id: Ibdc2c3615c4778ef66abceb532a4f671fbdab8ef
Reviewed-on: https://chromium-review.googlesource.com/912430
Reviewed-by: Ryan Tseng
Commit-Queue: Aaron Gable
---
 download_from_google_storage.py | 4 +++-
 tests/download_from_google_storage_unittest.py | 11 ++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/download_from_google_storage.py b/download_from_google_storage.py
index f484f4f51c..234f8d692e 100755
--- a/download_from_google_storage.py
+++ b/download_from_google_storage.py
@@ -209,7 +209,9 @@ def _validate_tar_file(tar, prefix):
 """Returns false if the tarinfo is something we explicitly forbid."""
 if tarinfo.issym() or tarinfo.islnk():
 return False
- if '..' in tarinfo.name or not tarinfo.name.startswith(prefix):
+ if ('../' in tarinfo.name or
+ '..\\' in tarinfo.name or
+ not tarinfo.name.startswith(prefix)):
 return False
 return True
 return all(map(_validate, tar.getmembers()))
diff --git a/tests/download_from_google_storage_unittest.py b/tests/download_from_google_storage_unittest.py
index c03c911d30..6fa0c238cc 100755
--- a/tests/download_from_google_storage_unittest.py
+++ b/tests/download_from_google_storage_unittest.py
@@ -128,7 +128,7 @@ class GstoolsUnitTests(unittest.TestCase):
 self.assertFalse(
 download_from_google_storage._validate_tar_file(tar, tar_dir_outside))
- # Test no ..
+ # Test no ../
 tar_with_dotdot = 'with_dotdot.tar.gz'
 dotdot_file = os.path.join(tar_dir, '..', tar_dir, 'lorem_ipsum.txt')
 with tarfile.open(tar_with_dotdot, 'w:gz') as tar:
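Review bot: The substring checks on the new side still accept a member whose last path component is `..` — a name equal to `<prefix>/..` or to bare `..` contains neither `../` nor `..\\` and passes `startswith(prefix)` — and the `startswith(prefix)` test carried over from the old line also admits a sibling directory when `prefix` has no trailing separator (`<prefix>_other/x` starts with `<prefix>`); the test hunk suggests `prefix` is passed as a bare directory name, but confirm with the callers. Testing path components instead of substrings keeps the intended `..hidden_file.txt` case and closes the first gap: `if ('..' in tarinfo.name.replace('\\', '/').split('/') or` / `not tarinfo.name.startswith(prefix)):`. For the second gap, anchor the prefix on a separator, e.g. `tarinfo.name == prefix or tarinfo.name.startswith(prefix + '/')`, if callers indeed pass it without a trailing slash. Both `_validate_tar_file` and the nested `_validate` begin above this hunk, so their `def` lines are not visible here.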
@@ -136,6 +136,15 @@ class GstoolsUnitTests(unittest.TestCase):
 self.assertFalse(
 download_from_google_storage._validate_tar_file(tar, tar_dir))
+ # Test normal file with .. in name okay
+ tar_with_hidden = 'with_normal_dotdot.tar.gz'
+ hidden_file = os.path.join(tar_dir, '..hidden_file.txt')
+ shutil.copyfile(lorem_ipsum, hidden_file)
+ with tarfile.open(tar_with_hidden, 'w:gz') as tar:
+ tar.add(hidden_file)
+ self.assertTrue(
+ download_from_google_storage._validate_tar_file(tar,
+ tar_dir))
 def test_gsutil(self):
 # This will download a real gsutil package from Google Storage.