bpo-21109: Add SafeTarFile by epicfaace · Pull Request #15244 · python/cpython
Closed
epicfaace wants to merge 15 commits into python:main from
Contributor
epicfaace commented
edited by bedevere-bot
Working off of the patch in bpo-21109; adding the tests so that all tests that apply to FileTest also apply to SafeFileTest. It's a bit tricky in this case because of multiple inheritance of the test classes.
https://bugs.python.org/issue21109
epicfaace added 9 commits
[apply safetarfile-4.diff](/python/cpython/pull/15244/commits/7b28c5d2097a4c394a1fe919aa180b66deed86db "apply safetarfile-4.diff")
[7b28c5d](/python/cpython/pull/15244/commits/7b28c5d2097a4c394a1fe919aa180b66deed86db)
[doc: remove duplicate message](/python/cpython/pull/15244/commits/12a50748e9c2c7984963d5bda3669e32eff337b3 "doc: remove duplicate message")
[12a5074](/python/cpython/pull/15244/commits/12a50748e9c2c7984963d5bda3669e32eff337b3)
[add TarFileTest and SafeTarFileTest](/python/cpython/pull/15244/commits/a95ce6ad92d7b404a1c488401a3c140cc851b14a "add TarFileTest and SafeTarFileTest")
[a95ce6a](/python/cpython/pull/15244/commits/a95ce6ad92d7b404a1c488401a3c140cc851b14a)
[test: fix inheritance of tests to make it easier to extend](/python/cpython/pull/15244/commits/a3bcc18b916b33d15fc1b539d9de4340eba239cf "test: fix inheritance of tests to make it easier to extend")
[a3bcc18](/python/cpython/pull/15244/commits/a3bcc18b916b33d15fc1b539d9de4340eba239cf)
[add test inheritance of TarFileTest to all testcases](/python/cpython/pull/15244/commits/2f8990dfdc123c91fb636a123fd12827abf97d92 "add test inheritance of TarFileTest to all testcases")
[2f8990d](/python/cpython/pull/15244/commits/2f8990dfdc123c91fb636a123fd12827abf97d92)
[test: replace tarfile.open with tarfile_open](/python/cpython/pull/15244/commits/769eb3291ab74984acfef53b836af93a92993d0a "test: replace tarfile.open with tarfile_open")
[769eb32](/python/cpython/pull/15244/commits/769eb3291ab74984acfef53b836af93a92993d0a)
[test: replace tarfile.TarFile with self.tarfile_module](/python/cpython/pull/15244/commits/8e522b4155f795df45b1beeae442656c001261d4 "test: replace tarfile.TarFile with self.tarfile_module")
[8e522b4](/python/cpython/pull/15244/commits/8e522b4155f795df45b1beeae442656c001261d4)
[test: make taropen generic](/python/cpython/pull/15244/commits/8f361c11ed2a4c39873332468cb1082d468b9596 "test: make taropen generic")
[8f361c1](/python/cpython/pull/15244/commits/8f361c11ed2a4c39873332468cb1082d468b9596)
[Rename to -base because there's already a class called SafeTarFileTest](/python/cpython/pull/15244/commits/b6862c619e6eaaa187ab3e80e1f545bcd5de1916 "Rename to -base because there's already a class called SafeTarFileTest")
[b6862c6](/python/cpython/pull/15244/commits/b6862c619e6eaaa187ab3e80e1f545bcd5de1916)
the-knights-who-say-ni added the CLA signed label
bedevere-bot added the awaiting review label
epicfaace added 6 commits
[Add some tests for SafeTarFile](/python/cpython/pull/15244/commits/bfe20da2aaf56756dbb7e240b41a7d525bd8bb4d "Add some tests for SafeTarFile")
[bfe20da](/python/cpython/pull/15244/commits/bfe20da2aaf56756dbb7e240b41a7d525bd8bb4d)
[test: move safetarfile to another test module](/python/cpython/pull/15244/commits/6011e26ce7b9ab876214c8b479e18a246d2d2282 "test: move safetarfile to another test module")
[6011e26](/python/cpython/pull/15244/commits/6011e26ce7b9ab876214c8b479e18a246d2d2282)
[keep only working safetarfile tests](/python/cpython/pull/15244/commits/18f7b301c842949738404094fe52e4b95e9906e3 "keep only working safetarfile tests")
[18f7b30](/python/cpython/pull/15244/commits/18f7b301c842949738404094fe52e4b95e9906e3)
[add ustarreadtests](/python/cpython/pull/15244/commits/c58262bf184752b82559f18f227de511965062ab "add ustarreadtests")
[c58262b](/python/cpython/pull/15244/commits/c58262bf184752b82559f18f227de511965062ab)
[enable one failing safetarfile test](/python/cpython/pull/15244/commits/b3fa18aa3a53329639f6666afb035e6605975c3a "enable one failing safetarfile test")
[b3fa18a](/python/cpython/pull/15244/commits/b3fa18aa3a53329639f6666afb035e6605975c3a)
[Update tarfile.rst](/python/cpython/pull/15244/commits/14b88fe7e1a1af7978dc818b959e6b3a51cf6834 "Update tarfile.rst")
[14b88fe](/python/cpython/pull/15244/commits/14b88fe7e1a1af7978dc818b959e6b3a51cf6834)
DanielGarcia mannequin mentioned this pull request
tarfile: Traversal attack vulnerability #65308
Closed
ezio-melotti removed the CLA signed label
Member
encukou commented
Superseded by PEP-706. A safe(r) option is now the default.
Thank you for this attempt!
encukou closed this