ClarkuCSCI / pydiode

Transfer data through a unidirectional network (i.e., a data diode)
MIT License

Increase tar Security #7

Open peterstory opened 4 months ago

peterstory commented 4 months ago

Python's tarfile module has options to increase the security of files received. We should enable this option after updating to Python 3.12.

https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall
https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter

peterstory commented 4 months ago

Enabling this option will be a one-line change:

diff --git a/src/pydiode/tar.py b/src/pydiode/tar.py
index 991b43e..ecfce64 100644
--- a/src/pydiode/tar.py
+++ b/src/pydiode/tar.py
@@ -36,7 +36,7 @@ def main():
     elif "path" in args:
         try:
             with tarfile.open(fileobj=sys.stdin.buffer, mode="r|") as tar:
-                tar.extractall(args.path)
+                tar.extractall(args.path, filter="data")
         # Don't print the full stack trace for known error types
         except tarfile.ReadError as e:
             if str(e) == "empty file":
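
Review bot: The handler that follows the changed `tar.extractall(args.path, filter="data")` call catches only `tarfile.ReadError`, but the "data" filter reports refused members by raising `tarfile.FilterError` subclasses, which derive from `tarfile.TarError` and not from `ReadError`. Unless a clause outside this hunk already covers them, a refused member will produce a full stack trace, which the comment `# Don't print the full stack trace for known error types` says this block is meant to avoid. Consider adding an `except tarfile.FilterError as e:` branch that prints a short message and exits non-zero. The `filter` keyword is also rejected by Python releases that predate extraction filters, so the package's minimum Python version should be raised in the same change, as the issue text anticipates.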