Expand file tree Collapse file tree 1 file changed +9
-1
lines changed Original file line number Diff line number Diff line change @@ -56,10 +56,18 @@ def main(args=None):
5656 file_import (importFile ,mFormat ,overwriteFlag )
5757
5858def safe_extract (zf , member , target_dir ):
59+ if (os .path .isabs (member )):
60+ raise ARMException ('Invalid path in package: ' + member )
5961 normalised_member = os .path .normpath (member )
6062 target_path = os .path .abspath (os .path .join (target_dir , normalised_member ))
6163 target_dir_abs = os .path .abspath (target_dir )
62- if (os .path .commonpath ([target_dir_abs , target_path ]) != target_dir_abs ):
64+
65+ try :
66+ common = os .path .commonpath ([target_dir_abs , target_path ])
67+ except ValueError :
68+ raise ARMException ('Invalid path in package: ' + member )
69+
70+ if common != target_dir_abs :
6371 raise ARMException ('Invalid path in package: ' + member )
6472
6573 with open (target_path , 'wb' ) as out_f :
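Review bot: The containment test in safe_extract still compares `os.path.abspath` results, which are purely lexical, so a symlink already present under target_dir (or target_dir itself being one) would pass the `common != target_dir_abs` check while `open(target_path, 'wb')` follows the link elsewhere; whether that can occur depends on how target_dir is populated, which the hunk does not show. Resolving both sides first would close it: `target_dir_abs = os.path.realpath(target_dir)` and `target_path = os.path.realpath(os.path.join(target_dir_abs, normalised_member))`. The new `os.path.isabs(member)` test applies the host platform's rules to the raw archive name, so the commonpath comparison remains the real guard and deserves a comment such as `# commonpath raises ValueError for paths on different drives; treat that as an escape attempt`. In the `except ValueError:` branch, `raise ARMException('Invalid path in package: ' + member) from None` would keep the internal ValueError out of the reported traceback. The function body continues past the end of the hunk.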