Fix tarfile.extractall path traversal vulnerability

Summary:
`tarfile.extractall()` is called without member validation in two places,
allowing a malicious archive to write files outside the target directory
via crafted paths like `../../etc/passwd`.

Added `safe_extractall()` which:
1. Pre-validates all member paths to block absolute paths and `..` traversal
2. Uses Python 3.12+ `filter='data'` when available (blocks symlinks, device files, setuid bits)
3. Handles both tar and zip archives

Patched both call sites:
- `fetcher.py` — dependency source archive extraction
- `getdeps.py` — build cache artifact extraction (also fixed resource leak: tarfile now uses `with` block)

GitHub Issue: facebook/mvfst#430

Reviewed By: bigfootjon

Differential Revision: D99477527

fbshipit-source-id: 2572f3c15a3d99d0c1621edb39be9bf1f8ea2a57

Author: sandarsh

build/fbcode_builder/getdeps.py

@@ -24,6 +24,7 @@
     file_name_is_cmake_file,
     is_public_commit,
     list_files_under_dir_newer_than_timestamp,
+    safe_extractall,
     SystemPackageFetcher,
 )
 from getdeps.load import ManifestLoader
@@ -283,11 +284,12 @@ def download(self):
             try:
                 target_file_name = os.path.join(dl_dir, self.cache_file_name)
                 if self.cache.download_to_file(self.cache_file_name, target_file_name):
-                    tf = tarfile.open(target_file_name, "r")
-                    print(
-                        "Extracting %s -> %s..." % (self.cache_file_name, self.inst_dir)
-                    )
-                    tf.extractall(self.inst_dir)
+                    with tarfile.open(target_file_name, "r") as tf:
+                        print(
+                            "Extracting %s -> %s..."
+                            % (self.cache_file_name, self.inst_dir)
+                        )
+                        safe_extractall(tf, self.inst_dir)
 
                     cached_marker = os.path.join(self.inst_dir, ".getdeps-cached-build")
                     with open(cached_marker, "w") as f:

build/fbcode_builder/getdeps/fetcher.py

@@ -39,6 +39,33 @@
     from .manifest import ManifestContext, ManifestParser
 
 
+def _validate_archive_members(names: list[str], dest_dir: str) -> None:
+    """Validate archive member paths to prevent path traversal (Zip Slip) attacks."""
+    dest_dir = os.path.realpath(dest_dir)
+    for name in names:
+        if os.path.isabs(name):
+            raise ValueError(f"Blocked absolute path in archive: {name!r}")
+        member_path = os.path.realpath(os.path.join(dest_dir, name))
+        if not member_path.startswith(dest_dir + os.sep) and member_path != dest_dir:
+            raise ValueError(f"Blocked path traversal in archive: {name!r}")
+
+
+def safe_extractall(archive: tarfile.TarFile | zipfile.ZipFile, dest: str) -> None:
+    """Safely extract a tar or zip archive with path traversal protection."""
+    if isinstance(archive, tarfile.TarFile):
+        _validate_archive_members(archive.getnames(), dest)
+        try:
+            archive.extractall(dest, filter="data")
+        except TypeError:
+            # Python < 3.12 without filter support
+            archive.extractall(dest)
+    elif isinstance(archive, zipfile.ZipFile):
+        _validate_archive_members(archive.namelist(), dest)
+        archive.extractall(dest)
+    else:
+        raise TypeError(f"Unsupported archive type: {type(archive)}")
+
+
 def file_name_is_cmake_file(file_name: str) -> bool:
     file_name = file_name.lower()
     base = os.path.basename(file_name)
@@ -1132,7 +1159,7 @@ def update(self) -> ChangeStatus:
             # the boost tarball it makes some assumptions and tries to convert
             # a non-ascii path to ascii and throws.
             src = str(src)
-            t.extractall(src)
+            safe_extractall(t, src)
 
         if is_windows():
             subdir = self.manifest.get("build", "subdir")

build/fbcode_builder/getdeps/test/safe_extract_test.py

@@ -0,0 +1,109 @@
+# Copyright (c) Meta Platforms, Inc. and affiliates.
+#
+# This source code is licensed under the MIT license found in the
+# LICENSE file in the root directory of this source tree.
+
+# pyre-strict
+
+
+import io
+import os
+import tarfile
+import tempfile
+import unittest
+import zipfile
+
+from ..fetcher import _validate_archive_members, safe_extractall
+
+
+class ValidateArchiveMembersTest(unittest.TestCase):
+    def test_valid_paths(self) -> None:
+        with tempfile.TemporaryDirectory() as dest:
+            _validate_archive_members(["foo.txt", "subdir/bar.txt", "a/b/c.txt"], dest)
+
+    def test_blocks_absolute_path(self) -> None:
+        with tempfile.TemporaryDirectory() as dest:
+            with self.assertRaises(ValueError) as ctx:
+                _validate_archive_members(["/etc/passwd"], dest)
+            self.assertIn("absolute path", str(ctx.exception))
+
+    def test_blocks_path_traversal(self) -> None:
+        with tempfile.TemporaryDirectory() as dest:
+            with self.assertRaises(ValueError) as ctx:
+                _validate_archive_members(["../../etc/passwd"], dest)
+            self.assertIn("path traversal", str(ctx.exception))
+
+    def test_allows_dotdot_that_stays_within_dest(self) -> None:
+        with tempfile.TemporaryDirectory() as dest:
+            _validate_archive_members(["a/../b.txt"], dest)
+
+
+class SafeExtractallTarTest(unittest.TestCase):
+    def _create_tar(self, members: dict[str, bytes]) -> str:
+        fd, path = tempfile.mkstemp(suffix=".tar.gz")
+        os.close(fd)
+        with tarfile.open(path, "w:gz") as tar:
+            for name, data in members.items():
+                info = tarfile.TarInfo(name=name)
+                info.size = len(data)
+                tar.addfile(info, io.BytesIO(data))
+        return path
+
+    def test_extracts_valid_tar(self) -> None:
+        archive = self._create_tar(
+            {"hello.txt": b"hello world", "sub/nested.txt": b"nested"}
+        )
+        try:
+            with tempfile.TemporaryDirectory() as dest:
+                with tarfile.open(archive) as tar:
+                    safe_extractall(tar, dest)
+                self.assertTrue(os.path.isfile(os.path.join(dest, "hello.txt")))
+                self.assertTrue(os.path.isfile(os.path.join(dest, "sub/nested.txt")))
+                with open(os.path.join(dest, "hello.txt")) as f:
+                    self.assertEqual(f.read(), "hello world")
+        finally:
+            os.unlink(archive)
+
+    def test_blocks_traversal_tar(self) -> None:
+        archive = self._create_tar({"../../evil.txt": b"pwned"})
+        try:
+            with tempfile.TemporaryDirectory() as dest:
+                with tarfile.open(archive) as tar:
+                    with self.assertRaises(ValueError):
+                        safe_extractall(tar, dest)
+        finally:
+            os.unlink(archive)
+
+
+class SafeExtractallZipTest(unittest.TestCase):
+    def _create_zip(self, members: dict[str, bytes]) -> str:
+        fd, path = tempfile.mkstemp(suffix=".zip")
+        os.close(fd)
+        with zipfile.ZipFile(path, "w") as zf:
+            for name, data in members.items():
+                zf.writestr(name, data)
+        return path
+
+    def test_extracts_valid_zip(self) -> None:
+        archive = self._create_zip(
+            {"hello.txt": b"hello world", "sub/nested.txt": b"nested"}
+        )
+        try:
+            with tempfile.TemporaryDirectory() as dest:
+                with zipfile.ZipFile(archive) as zf:
+                    safe_extractall(zf, dest)
+                self.assertTrue(os.path.isfile(os.path.join(dest, "hello.txt")))
+                with open(os.path.join(dest, "hello.txt")) as f:
+                    self.assertEqual(f.read(), "hello world")
+        finally:
+            os.unlink(archive)
+
+    def test_blocks_traversal_zip(self) -> None:
+        archive = self._create_zip({"../../evil.txt": b"pwned"})
+        try:
+            with tempfile.TemporaryDirectory() as dest:
+                with zipfile.ZipFile(archive) as zf:
+                    with self.assertRaises(ValueError):
+                        safe_extractall(zf, dest)
+        finally:
+            os.unlink(archive)