From 599b65a248966fb4ffe2f6bdb1f5da2cb8fb6cb3 Mon Sep 17 00:00:00 2001
From: TrellixVulnTeam <kasimir.schulz@trellix.com>
Date: Mon, 3 Oct 2022 08:28:21 +0000
Subject: [PATCH 1/2] Adding tarfile member sanitization to extractall()

---
 tools/python/data/borders/__init__.py | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/tools/python/data/borders/__init__.py b/tools/python/data/borders/__init__.py
index 3b3e14e7594..65160bbb9cc 100644
--- a/tools/python/data/borders/__init__.py
+++ b/tools/python/data/borders/__init__.py
@@ -34,7 +34,26 @@ def init(borders_path=None):
         lzma_stream.seek(0)
         try:
             with tarfile.open(fileobj=lzma_stream, mode="r") as tar:
-                tar.extractall(borders_path)
+                def is_within_directory(directory, target):
+                    
+                    abs_directory = os.path.abspath(directory)
+                    abs_target = os.path.abspath(target)
+                
+                    prefix = os.path.commonprefix([abs_directory, abs_target])
+                    
+                    return prefix == abs_directory
+                
+                def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
+                
+                    for member in tar.getmembers():
+                        member_path = os.path.join(path, member.name)
+                        if not is_within_directory(path, member_path):
+                            raise Exception("Attempted Path Traversal in Tar File")
+                
+                    tar.extractall(path, members, numeric_owner) 
+                    
+                
+                safe_extract(tar, borders_path)
         except PermissionError as e:
             logger.error(str(e))
             return False

From 1003e29ac5c4c2ee807ef472d88b3c8bb0a1548a Mon Sep 17 00:00:00 2001
From: TrellixVulnTeam <charles.mcfarland@trellix.com>
Date: Wed, 5 Oct 2022 00:36:04 +0000
Subject: [PATCH 2/2] Adding numeric_owner as keyword arguement

---
 tools/python/data/borders/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/python/data/borders/__init__.py b/tools/python/data/borders/__init__.py
index 65160bbb9cc..2f32548c0d2 100644
--- a/tools/python/data/borders/__init__.py
+++ b/tools/python/data/borders/__init__.py
@@ -50,7 +50,7 @@ def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
                         if not is_within_directory(path, member_path):
                             raise Exception("Attempted Path Traversal in Tar File")
                 
-                    tar.extractall(path, members, numeric_owner) 
+                    tar.extractall(path, members, numeric_owner=numeric_owner) 
                     
                 
                 safe_extract(tar, borders_path)