fix(fs): duplicate entries handling in FileSystem API.

onekey-sec · Feb 11, 2024 · c89541a · c89541a
1 parent 0dc4bb5
commit c89541a
Showing 1 changed file with 18 additions and 4 deletions.
diff --git a/unblob/file_utils.py b/unblob/file_utils.py
@@ -474,6 +474,15 @@ def _ensure_parent_dir(self, path: Path):
     def _get_extraction_path(self, path: Path, path_use_description: str) -> Path:
         fs_path = self._fs_path(path)
 
+        if fs_path.absolute_path.exists():
+            report = ExtractionProblem(
+                path=str(fs_path.relative_path),
+                problem=f"Attempting to create a file that already exists through {path_use_description}",
+                resolution="Overwrite.",
+            )
+            fs_path.absolute_path.unlink()
+            self.record_problem(report)
+
         if not fs_path.is_safe:
             report = PathTraversalProblem(
                 path=str(fs_path.relative_path),
@@ -540,11 +549,16 @@ def mknod(self, path: Path, mode=0o600, device=0):
 
     def _get_checked_link(self, src: Path, dst: Path) -> Optional[_FSLink]:
         link = _FSLink(root=self.root, src=src, dst=dst)
-        if link.is_safe:
-            return link
 
-        self.record_problem(link.format_report("Potential path traversal through link"))
-        return None
+        if link.src.absolute_path.exists():
+            self.record_problem(link.format_report("File already exists."))
+            return None
+        if not link.is_safe:
+            self.record_problem(
+                link.format_report("Potential path traversal through link")
+            )
+            return None
+        return link
 
     def _path_to_root(self, from_dir: Path) -> Path:
         # This version does not look at the existing symlinks, so while it looks cleaner it is also