feedc0de/platformio-core
1
0
Fork 0
forked from platformio/platformio-core
Code Pull Requests Activity

Add support for Python 3.12+ Tar extract filter

Browse Source
This commit is contained in:
Ivan Kravets
2024-03-16 12:32:15 +02:00
parent 0f3dbe623d
commit c0d97287dd
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
platformio/package/unpack.py
View File

@ -13,6 +13,7 @@
# limitations under the License. # limitations under the License.
import os import os
import sys
from tarfile import open as tarfile_open from tarfile import open as tarfile_open
from time import mktime from time import mktime
from zipfile import ZipFile from zipfile import ZipFile
@ -82,19 +83,23 @@ class TARArchiver(BaseArchiver):
).startswith(base) ).startswith(base)
def extract_item(self, item, dest_dir): def extract_item(self, item, dest_dir):
if sys.version_info >= (3, 12):
self._afo.extract(item, dest_dir, filter="data")
return self.after_extract(item, dest_dir)
# apply custom security logic
dest_dir = self.resolve_path(dest_dir) dest_dir = self.resolve_path(dest_dir)
bad_conds = [ bad_conds = [
self.is_bad_path(item.name, dest_dir), self.is_bad_path(item.name, dest_dir),
self.is_link(item) and self.is_bad_link(item, dest_dir), self.is_link(item) and self.is_bad_link(item, dest_dir),
] ]
if not any(bad_conds): if any(bad_conds):
super().extract_item(item, dest_dir) return click.secho(
else:
click.secho(
"Blocked insecure item `%s` from TAR archive" % item.name, "Blocked insecure item `%s` from TAR archive" % item.name,
fg="red", fg="red",
err=True, err=True,
) )
return super().extract_item(item, dest_dir)
class ZIPArchiver(BaseArchiver): class ZIPArchiver(BaseArchiver):