From c89541a94becc169f5e0ea761f2d0c304e6e12f3 Mon Sep 17 00:00:00 2001 From: Quentin Kaiser Date: Sun, 11 Feb 2024 19:42:55 +0100 Subject: [PATCH] fix(fs): duplicate entries handling in FileSystem API. --- unblob/file_utils.py | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/unblob/file_utils.py b/unblob/file_utils.py index 21e887b487..e742c9e253 100644 --- a/unblob/file_utils.py +++ b/unblob/file_utils.py @@ -474,6 +474,15 @@ def _ensure_parent_dir(self, path: Path): def _get_extraction_path(self, path: Path, path_use_description: str) -> Path: fs_path = self._fs_path(path) + if fs_path.absolute_path.exists(): + report = ExtractionProblem( + path=str(fs_path.relative_path), + problem=f"Attempting to create a file that already exists through {path_use_description}", + resolution="Overwrite.", + ) + fs_path.absolute_path.unlink() + self.record_problem(report) + if not fs_path.is_safe: report = PathTraversalProblem( path=str(fs_path.relative_path), @@ -540,11 +549,16 @@ def mknod(self, path: Path, mode=0o600, device=0): def _get_checked_link(self, src: Path, dst: Path) -> Optional[_FSLink]: link = _FSLink(root=self.root, src=src, dst=dst) - if link.is_safe: - return link - self.record_problem(link.format_report("Potential path traversal through link")) - return None + if link.src.absolute_path.exists(): + self.record_problem(link.format_report("File already exists.")) + return None + if not link.is_safe: + self.record_problem( + link.format_report("Potential path traversal through link") + ) + return None + return link def _path_to_root(self, from_dir: Path) -> Path: # This version does not look at the existing symlinks, so while it looks cleaner it is also