From 59e3d3bf734a89eda5e992dcbc448fbcaa9743f0 Mon Sep 17 00:00:00 2001
From: binary-husky
Date: Fri, 7 Feb 2025 21:22:46 +0800
Subject: [PATCH] raise error when the uploaded tar contain hard/soft link
---
 shared_utils/handle_upload.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/shared_utils/handle_upload.py b/shared_utils/handle_upload.py
index 14974ef0..89ad50a4 100644
--- a/shared_utils/handle_upload.py
+++ b/shared_utils/handle_upload.py
@@ -111,6 +111,8 @@ def extract_archive(file_path, dest_dir):
 member_path = os.path.normpath(member.name)
 full_path = os.path.join(dest_dir, member_path)
 full_path = os.path.abspath(full_path)
+ if member.islnk() or member.issym():
+ raise Exception(f"Attempted Symlink in {member.name}")
 if not full_path.startswith(os.path.abspath(dest_dir) + os.sep):
 raise Exception(f"Attempted Path Traversal in {member.name}")
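Review bot: The added guard `if member.islnk() or member.issym():` rejects only the two link types, so other non-regular members (character or block devices, FIFOs) still pass this validation. An allowlist is tighter than naming the types to refuse: `if not (member.isfile() or member.isdir()): raise Exception(f"Unsupported member type in {member.name}")`. The message "Attempted Symlink" is also raised for hard links, so a rejected upload is harder to triage from the log; naming the member type would help. The rest of extract_archive, including the extraction call, lies outside the hunk, so it is not visible whether extraction also passes a tarfile extraction filter such as `filter="data"` (Python 3.12 and the security backports), which would enforce the same policy at extract time.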