From 3ce6ec85c493fff074291e3bd3c774ce0d65a40f Mon Sep 17 00:00:00 2001 From: TrellixVulnTeam Date: Sat, 15 Oct 2022 22:05:39 +0000 Subject: [PATCH] Adding tarfile member sanitization to extractall() --- pipelines/tweets/old_scripts/evaluate.py | 24 ++++++++++++++++++- pipelines/tweets/scripts_eval/evaluate.py | 24 ++++++++++++++++++- .../xgboost_source_dir/_repack_model.py | 21 +++++++++++++++- 3 files changed, 66 insertions(+), 3 deletions(-) diff --git a/pipelines/tweets/old_scripts/evaluate.py b/pipelines/tweets/old_scripts/evaluate.py index 6ddf06d..bb19e8e 100644 --- a/pipelines/tweets/old_scripts/evaluate.py +++ b/pipelines/tweets/old_scripts/evaluate.py @@ -21,7 +21,29 @@ logger.debug("Starting evaluation.") model_path = "/opt/ml/processing/model/model.tar.gz" with tarfile.open(model_path) as tar: - tar.extractall(path=".") + + import os + + def is_within_directory(directory, target): + + abs_directory = os.path.abspath(directory) + abs_target = os.path.abspath(target) + + prefix = os.path.commonprefix([abs_directory, abs_target]) + + return prefix == abs_directory + + def safe_extract(tar, path=".", members=None, *, numeric_owner=False): + + for member in tar.getmembers(): + member_path = os.path.join(path, member.name) + if not is_within_directory(path, member_path): + raise Exception("Attempted Path Traversal in Tar File") + + tar.extractall(path, members, numeric_owner=numeric_owner) + + + safe_extract(tar, path=".") logger.debug("Loading xgboost model.") model = pickle.load(open("xgboost-model", "rb")) diff --git a/pipelines/tweets/scripts_eval/evaluate.py b/pipelines/tweets/scripts_eval/evaluate.py index 697c75e..961d1ab 100644 --- a/pipelines/tweets/scripts_eval/evaluate.py +++ b/pipelines/tweets/scripts_eval/evaluate.py @@ -26,7 +26,29 @@ logger.info(f"Evaluation:xgboost:version={xgb.__version__}:") model_path = "/opt/ml/processing/model/model.tar.gz" with tarfile.open(model_path) as tar: - tar.extractall(path=".") + + import os + + def is_within_directory(directory, target): + + abs_directory = os.path.abspath(directory) + abs_target = os.path.abspath(target) + + prefix = os.path.commonprefix([abs_directory, abs_target]) + + return prefix == abs_directory + + def safe_extract(tar, path=".", members=None, *, numeric_owner=False): + + for member in tar.getmembers(): + member_path = os.path.join(path, member.name) + if not is_within_directory(path, member_path): + raise Exception("Attempted Path Traversal in Tar File") + + tar.extractall(path, members, numeric_owner=numeric_owner) + + + safe_extract(tar, path=".") model = None diff --git a/pipelines/tweets/xgboost_source_dir/_repack_model.py b/pipelines/tweets/xgboost_source_dir/_repack_model.py index f98f170..0eb9063 100644 --- a/pipelines/tweets/xgboost_source_dir/_repack_model.py +++ b/pipelines/tweets/xgboost_source_dir/_repack_model.py @@ -60,7 +60,26 @@ def repack(inference_script, model_archive, dependencies=None, source_dir=None): # extract the contents of the previous training job's model archive to the "src" # directory of this training job with tarfile.open(name=local_path, mode="r:gz") as tf: - tf.extractall(path=src_dir) + def is_within_directory(directory, target): + + abs_directory = os.path.abspath(directory) + abs_target = os.path.abspath(target) + + prefix = os.path.commonprefix([abs_directory, abs_target]) + + return prefix == abs_directory + + def safe_extract(tar, path=".", members=None, *, numeric_owner=False): + + for member in tar.getmembers(): + member_path = os.path.join(path, member.name) + if not is_within_directory(path, member_path): + raise Exception("Attempted Path Traversal in Tar File") + + tar.extractall(path, members, numeric_owner=numeric_owner) + + + safe_extract(tf, path=src_dir) if source_dir: # copy /opt/ml/code to code/