test_cwl11 tar usage: plug possible security issue in Python 3.12+

mr-c · mr-c · commit 5b283e069fe0 · 2024-09-05T17:00:01.000+02:00
diff --git a/schema_salad/tests/test_cwl11.py b/schema_salad/tests/test_cwl11.py
@@ -6,8 +6,9 @@
 
 import os
 import shutil
+import sys
 import tarfile
-from typing import Any, Dict, Generator, Tuple, Union
+from typing import TYPE_CHECKING, Any, Dict, Generator, Tuple, Union, cast
 
 import pytest
 import requests
@@ -20,6 +21,10 @@
 
 from .util import get_data
 
+if TYPE_CHECKING:
+    from http.client import HTTPResponse
+
+
 test_dir_name = "tests/"
 
 SchemaType = Tuple[Loader, Union[Names, SchemaParseException], Dict[str, Any], Loader]
@@ -30,12 +35,18 @@ def cwl_v1_2_schema(
     tmp_path_factory: TempPathFactory,
 ) -> Generator[SchemaType, None, None]:
     tmp_path = tmp_path_factory.mktemp("cwl_v1_2_schema")
-    with requests.get(
-        "https://github.com/common-workflow-language/cwl-v1.2/archive/v1.2.0.tar.gz",
-        stream=True,
-    ).raw as specfileobj:
+    with cast(
+        "HTTPResponse",
+        requests.get(
+            "https://github.com/common-workflow-language/cwl-v1.2/archive/v1.2.0.tar.gz",
+            stream=True,
+        ).raw,
+    ) as specfileobj:
         tf = tarfile.open(fileobj=specfileobj)
-        tf.extractall(path=tmp_path)  # this becomes cwl-v1.2-1.2.0
+        if sys.version_info > (3, 12):
+            tf.extractall(path=tmp_path, filter="data")  # this becomes cwl-v1.2-1.2.0
+        else:
+            tf.extractall(path=tmp_path)  # this becomes cwl-v1.2-1.2.0
     path = str(tmp_path / "cwl-v1.2-1.2.0/CommonWorkflowLanguage.yml")
     yield load_schema(path)
     shutil.rmtree(os.path.join(tmp_path))
