Closed gaborh-da closed 5 years ago
@gaborh-da This issue is twofold:
extractTarballLenient
that ignores any possible errors in d633ed9492f5552ad8cce836fa3311bfeee320e4 Let me know how it works out for you and I'll make a release. In case you want some custom error handling it's not that hard, all of the building blocks are already available.In its current state, the tar-conduit
library aborts the entire process if it encounters a tar file with hard links. As tar files are usually user-supplied input, this means any application or process using the tar-conduit
library is trivially vulnerable to a denial-of-service attack.
extractTarballLenient
silently ignores errors, which is not suitable for production code. Errors should be collected and properly fed back to the caller.
@twpayne-da tar-conduit
throwing an exception is not synonymous with "aborting the entire process", nothing prevents you from wrapping a call to any of the provided functions with tryAny
or catchAny
, which would yield you the reason for failure as well as prevent your whole process from dying. Moreover because "tar files are usually user-supplied input" it is absolutely natural to expect an exception. Therefore this statement is absurd:
tar-conduit
trivially vulnerable to a denial-of-service attack
At the same time your suggestion of collecting errors in extractTarballLenient
seems fair enough, so I added a slightly modified version that just that. It is currently available in a separate branch: extractTaballLenient
. Let me know what you think of that approach.
Restoring Hard Links has been implemented in #20 and lenient restoring was added in #23
Features in regards of hard links that are still missing:
Hard links cause immediate termination of the program using the library.
error
should be used (maybe http://hackage.haskell.org/package/base-4.11.1.0/docs/System-IO-Error.html#t:IOError would be a more appropriate choice, it can be handled, at least, by the user)