From bd845608409e700d389cd9d326955ea67493d485 Mon Sep 17 00:00:00 2001 From: Ali Razmjoo Date: Thu, 5 Sep 2024 18:41:19 +0200 Subject: [PATCH] Update safe_extractor.py fix lint errors additionally converted `_is_within_directory` to static method --- luigi/safe_extractor.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/luigi/safe_extractor.py b/luigi/safe_extractor.py index b4c279b193..08e88fe12d 100644 --- a/luigi/safe_extractor.py +++ b/luigi/safe_extractor.py @@ -16,11 +16,11 @@ # """ -This module provides a class `SafeExtractor` that offers a secure way to extract tar files while -mitigating path traversal vulnerabilities, which can occur when files inside the archive are +This module provides a class `SafeExtractor` that offers a secure way to extract tar files while +mitigating path traversal vulnerabilities, which can occur when files inside the archive are crafted to escape the intended extraction directory. -The `SafeExtractor` ensures that the extracted file paths are validated before extraction to +The `SafeExtractor` ensures that the extracted file paths are validated before extraction to prevent malicious archives from extracting files outside the intended directory. Classes: @@ -47,7 +47,7 @@ class SafeExtractor: _is_within_directory(directory, target): Checks if a target path is within a given directory. - safe_extract(tar_path, members=None, *, numeric_owner=False): + safe_extract(tar_path, members=None, \*, numeric_owner=False): Safely extracts the contents of a tar file to the specified directory. """ @@ -60,7 +60,8 @@ def __init__(self, path="."): """ self.path = path - def _is_within_directory(self, directory, target): + @staticmethod + def _is_within_directory(directory, target): """ Checks if a target path is within a given directory.
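Review bot: The `\*` added to the `safe_extract(...)` signature line in the `SafeExtractor` class docstring is an invalid escape sequence unless that docstring is a raw string; pycodestyle reports this as W605 and Python 3.12 emits a SyntaxWarning for it. The class docstring's opening quotes are outside the hunk, so it may already be raw, but the module docstring visible in the first hunk opens with a plain `"""`. If the backslash is there to keep the documentation renderer from reading `*` as emphasis, open the class docstring with `r"""` or write the escape as `\\*`.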
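Review bot: The docstring kept under the new `@staticmethod`, "Checks if a target path is within a given directory", does not say how the two paths are normalised before they are compared, and this helper is the guard the module docstring relies on against path traversal. The body is outside the hunk, so this is a request to confirm rather than a finding: the comparison should be made on `os.path.realpath` results and per path component, for example `os.path.commonpath([base, resolved]) == base` (names illustrative), because a character-wise prefix test also accepts a sibling directory such as `/data/out-old` for `/data/out`. The docstring should also state whether symlink and hard-link members are validated in `safe_extract` or left to the caller. Now that the helper needs no instance, a unit test calling `SafeExtractor._is_within_directory(...)` directly would pin this behaviour.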