While we only process archives from authenticated and trusted parties, there are some safety checks we could do in case the submitter's archive generating process is somehow compromised.
Essentially, we are preventing extracted files from "escaping" the unpack directory via any combination of absolute paths or link traversals. This is a known hazard with the generality of the tar archive format. For consistency, this adds a similar check to the zip archive logic, even though it is supposed to already be sanitized by the zipfile extraction code.
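The kind of pre-extraction check described above, written here as an added illustration rather than the project's own code: every tar member name, symlink target and hard-link target is normalized lexically against the unpack directory and rejected if it resolves outside it, and the same name check is applied to zip entries. The `unpack` directory name and the in-memory sample archive are constructed for the example; it assumes the destination is a fresh directory with no pre-existing symlinks.

```python
import io
import os
import tarfile

def is_within(base: str, target: str) -> bool:
    """Lexical check: does base/target stay under base after normalisation?"""
    if os.path.isabs(target):
        return False
    base = os.path.normpath(base)
    full = os.path.normpath(os.path.join(base, target))
    return full == base or full.startswith(base + os.sep)

def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Names of members that would land, or link, outside dest (dest assumed fresh)."""
    bad = []
    for m in tar.getmembers():
        if not is_within(dest, m.name):
            bad.append(m.name)
        elif m.issym() or m.islnk():
            # symlink targets are relative to the link's own directory,
            # hard-link targets are relative to the archive root
            link = os.path.join(os.path.dirname(m.name), m.linkname) if m.issym() else m.linkname
            if not is_within(dest, link):
                bad.append(m.name)
    return bad

def unsafe_zip_names(names, dest: str) -> list:
    """Same name check for zip entries (pass ZipFile.namelist())."""
    return [n for n in names if not is_within(dest, n)]

def build_sample_tar() -> tarfile.TarFile:
    """Constructed in-memory archive mixing benign and escaping members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tw:
        data = b"hello"
        for name in ("ok/file.txt", "../escape.txt", "/abs.txt"):
            ti = tarfile.TarInfo(name)
            ti.size = len(data)
            tw.addfile(ti, io.BytesIO(data))
        links = (("lnk", "..", tarfile.SYMTYPE), ("good", "ok/file.txt", tarfile.SYMTYPE),
                 ("hl", "ok/file.txt", tarfile.LNKTYPE), ("hl2", "../x", tarfile.LNKTYPE))
        for name, target, kind in links:
            ti = tarfile.TarInfo(name)
            ti.type = kind
            ti.linkname = target
            tw.addfile(ti)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

Running `unsafe_members(build_sample_tar(), "unpack")` flags the `..` entry, the absolute path, the symlink pointing to the parent and the hard link to `../x`, while the in-tree file and links pass.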