Fix regression when extracting tar archive #816

Merged
merged 2 commits into from Sep 5, 2019

Commits on May 17, 2019

  1. f807c40
  2. Compare paths when extracting an archive with the canonical destination directory

    Commit 93d77ff introduced a check that
    files extracted from a tar archive will not be written outside of the
    destination directory. Unfortunately it also introduced a regression
    preventing the extraction of any tar archive when the path to the
    destination directory contains a symbolic link.
    
    For example on a jenkins agent where /var/lib/jenkins is a symbolic
    link to /data/jenkins and a job tries to extract nodejs to
    /var/lib/jenkins/workspace/example-project/target/node/tmp. The old
    code would then check if canonical path to a tar entry like
    /data/jenkins/workspace/example-project/target/node/tmp/XXX starts
    with /var/lib/jenkins/workspace/example-project/target/node/tmp which
    always fails.
    
    This commit compares the canonical extraction paths of the tar entries
    with the canonical path of the destination directory, which fixes the
    regression and still checks that no file is extracted outside of the
    destination directory.
    arminha committed May 17, 2019
    6175368
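
The regression and the fix described in the commit message above, reconstructed as an added example (not code from this pull request). The class name, method names and temporary directory layout are assumptions, it needs a platform where the process may create symbolic links, and the trailing-separator comparison in `fixedCheck` goes beyond what the commit message states.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class CanonicalExtractCheck {

    // Check as the commit message describes the old code: canonical path of
    // the entry compared with the destination path as it was passed in.
    static boolean oldCheck(File destDir, String entryName) throws IOException {
        File target = new File(destDir, entryName);
        return target.getCanonicalPath().startsWith(destDir.getPath());
    }

    // Check as the commit message describes the fix: both sides canonical.
    static boolean fixedCheck(File destDir, String entryName) throws IOException {
        String canonicalDest = destDir.getCanonicalPath();
        String canonicalTarget = new File(destDir, entryName).getCanonicalPath();
        // Added here (not stated on the page): compare with a trailing
        // separator so a sibling such as ".../tmp-evil" is not accepted
        // as being inside ".../tmp".
        return canonicalTarget.equals(canonicalDest)
                || canonicalTarget.startsWith(canonicalDest + File.separator);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout mirroring the commit message:
        // jenkins-link -> data/jenkins, destination below the link.
        Path root = Files.createTempDirectory("extract-demo");
        Path real = Files.createDirectories(root.resolve("data/jenkins"));
        Path link = Files.createSymbolicLink(root.resolve("jenkins-link"), real);
        File destDir = link.resolve("workspace/tmp").toFile();
        Files.createDirectories(destDir.toPath());

        // Constructed entry names: one legitimate, two that leave destDir.
        String[] entries = {"package/bin/node", "../../escape.txt", "../tmp-evil/x"};
        for (String entry : entries) {
            System.out.printf("%-18s old=%-5b fixed=%b%n",
                    entry, oldCheck(destDir, entry), fixedCheck(destDir, entry));
        }
    }
}
```

With the symbolic link in the destination path, `oldCheck` rejects every entry, including the legitimate one, while `fixedCheck` accepts `package/bin/node` and rejects the two entries that resolve outside the destination directory.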