blank line contains whitespace
139 ``target_folder``.
140 """
141 with tarfile.open(tar_path, 'r') as archive:
142 143 import os
144
145 def is_within_directory(directory, target):blank line contains whitespace
141 with tarfile.open(tar_path, 'r') as archive:
142
143 import os
144 145 def is_within_directory(directory, target):
146
147 abs_directory = os.path.abspath(directory)blank line contains whitespace
143 import os
144
145 def is_within_directory(directory, target):
146 147 abs_directory = os.path.abspath(directory)
148 abs_target = os.path.abspath(target)
149 blank line contains whitespace
146
147 abs_directory = os.path.abspath(directory)
148 abs_target = os.path.abspath(target)
149 150 prefix = os.path.commonprefix([abs_directory, abs_target])
151
152 return prefix == abs_directoryblank line contains whitespace
148 abs_target = os.path.abspath(target)
149
150 prefix = os.path.commonprefix([abs_directory, abs_target])
151 152 return prefix == abs_directory
153
154 def safe_extract(tar, path=".", members=None, *, numeric_owner=False):blank line contains whitespace
150 prefix = os.path.commonprefix([abs_directory, abs_target])
151
152 return prefix == abs_directory
153 154 def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
155
156 for member in tar.getmembers():blank line contains whitespace
157 member_path = os.path.join(path, member.name)
158 if not is_within_directory(path, member_path):
159 raise Exception("Attempted Path Traversal in Tar File")
160 161 tar.extractall(path, members, numeric_owner=numeric_owner)
162
163 blank line contains whitespace
152 return prefix == abs_directory
153
154 def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
155 156 for member in tar.getmembers():
157 member_path = os.path.join(path, member.name)
158 if not is_within_directory(path, member_path):blank line contains whitespace
159 raise Exception("Attempted Path Traversal in Tar File")
160
161 tar.extractall(path, members, numeric_owner=numeric_owner)
162 163
164 safe_extract(archive, target_folder)
blank line contains whitespace
160
161 tar.extractall(path, members, numeric_owner=numeric_owner)
162
163 164 safe_extract(archive, target_folder)
blank line contains whitespace
127
128 tar.extractall(path, members, numeric_owner=numeric_owner)
129
130 131 safe_extract(archive, target_path)
132
133 file_name = os.path.splitext(os.path.basename(file_path))[0]blank line contains whitespace
126 raise Exception("Attempted Path Traversal in Tar File")
127
128 tar.extractall(path, members, numeric_owner=numeric_owner)
129 130
131 safe_extract(archive, target_path)
132blank line contains whitespace
124 member_path = os.path.join(path, member.name)
125 if not is_within_directory(path, member_path):
126 raise Exception("Attempted Path Traversal in Tar File")
127 128 tar.extractall(path, members, numeric_owner=numeric_owner)
129
130 blank line contains whitespace
119 return prefix == abs_directory
120
121 def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
122 123 for member in tar.getmembers():
124 member_path = os.path.join(path, member.name)
125 if not is_within_directory(path, member_path):blank line contains whitespace
117 prefix = os.path.commonprefix([abs_directory, abs_target])
118
119 return prefix == abs_directory
120 121 def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
122
123 for member in tar.getmembers():blank line contains whitespace
115 abs_target = os.path.abspath(target)
116
117 prefix = os.path.commonprefix([abs_directory, abs_target])
118 119 return prefix == abs_directory
120
121 def safe_extract(tar, path=".", members=None, *, numeric_owner=False):blank line contains whitespace
113
114 abs_directory = os.path.abspath(directory)
115 abs_target = os.path.abspath(target)
116 117 prefix = os.path.commonprefix([abs_directory, abs_target])
118
119 return prefix == abs_directoryblank line contains whitespace
110 for file_path in file_paths:
111 with tarfile.open(file_path, 'r') as archive:
112 def is_within_directory(directory, target):
113 114 abs_directory = os.path.abspath(directory)
115 abs_target = os.path.abspath(target)
116
Description
Blank lines should not contain any tabs or spaces.