From 5cd7f8a70181477b2cedf6d846b9dcd179b46184 Mon Sep 17 00:00:00 2001
From: TrellixVulnTeam <charles.mcfarland@trellix.com>
Date: Sat, 22 Oct 2022 15:49:37 +0000
Subject: [PATCH] Adding tarfile member sanitization to extractall()

---
 PyTorch/tutorial/vgg16.py | 21 ++++++++++++++++++++-
 Tensorflow/GAN/gan.py     | 21 ++++++++++++++++++++-
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/PyTorch/tutorial/vgg16.py b/PyTorch/tutorial/vgg16.py
index 9f3e3d7..d396614 100644
--- a/PyTorch/tutorial/vgg16.py
+++ b/PyTorch/tutorial/vgg16.py
@@ -99,7 +99,26 @@ def accuracy(self, x, y):
     print('Downloading the checkpoint ...')
     urllib.urlretrieve("http://download.tensorflow.org/models/vgg_16_2016_08_28.tar.gz", "weights/vgg_16_2016_08_28.tar.gz")
     with tarfile.open('weights/vgg_16_2016_08_28.tar.gz', "r:gz") as tar:
-        tar.extractall('weights/')
+        def is_within_directory(directory, target):
+            
+            abs_directory = os.path.abspath(directory)
+            abs_target = os.path.abspath(target)
+        
+            prefix = os.path.commonprefix([abs_directory, abs_target])
+            
+            return prefix == abs_directory
+        
+        def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
+        
+            for member in tar.getmembers():
+                member_path = os.path.join(path, member.name)
+                if not is_within_directory(path, member_path):
+                    raise Exception("Attempted Path Traversal in Tar File")
+        
+            tar.extractall(path, members, numeric_owner=numeric_owner) 
+            
+        
+        safe_extract(tar, "weights/")
     os.remove('weights/vgg_16_2016_08_28.tar.gz')
     print('Download is complete !')
 
diff --git a/Tensorflow/GAN/gan.py b/Tensorflow/GAN/gan.py
index 248a412..b98db26 100644
--- a/Tensorflow/GAN/gan.py
+++ b/Tensorflow/GAN/gan.py
@@ -18,7 +18,26 @@
     print('Downloading the data ...')
     urllib.urlretrieve("https://www.cs.toronto.edu/~kriz/cifar-10-python.tar.gz", "data/cifar-10-python.tar.gz")
     with tarfile.open('data/cifar-10-python.tar.gz', "r:gz") as tar:
-        tar.extractall('data/')
+        def is_within_directory(directory, target):
+            
+            abs_directory = os.path.abspath(directory)
+            abs_target = os.path.abspath(target)
+        
+            prefix = os.path.commonprefix([abs_directory, abs_target])
+            
+            return prefix == abs_directory
+        
+        def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
+        
+            for member in tar.getmembers():
+                member_path = os.path.join(path, member.name)
+                if not is_within_directory(path, member_path):
+                    raise Exception("Attempted Path Traversal in Tar File")
+        
+            tar.extractall(path, members, numeric_owner=numeric_owner) 
+            
+        
+        safe_extract(tar, "data/")
     os.remove('data/cifar-10-python.tar.gz')
     print('Download is complete !')