raise error when the uploaded tar contain hard/soft link

2025-12-07 15:06:48 +00:00 · 2025-02-07 21:22:46 +08:00
--- a/shared_utils/handle_upload.py
+++ b/shared_utils/handle_upload.py
@@ -111,6 +111,8 @@ def extract_archive(file_path, dest_dir):
                    member_path = os.path.normpath(member.name)
                    full_path = os.path.join(dest_dir, member_path)
                    full_path = os.path.abspath(full_path)
                    if member.islnk() or member.issym():
                        raise Exception(f"Attempted Symlink in {member.name}")
                    if not full_path.startswith(os.path.abspath(dest_dir) + os.sep):
                        raise Exception(f"Attempted Path Traversal in {member.name}")