fix: add zip-slip guard to update_command.py #24
Merged
`ZipFile.extractall()` will happily write outside the target directory if the archive contains entries with `..` or absolute paths. Boost releases are trusted, but the URL is unauthenticated and the script also accepts a user-supplied `--version` that determines the URL. A mirror compromise or a malformed asset should not be able to overwrite arbitrary files on the host.

Before extracting, resolve each member path against `script_dir` and verify the resolved destination still lives under it. Anything that escapes raises `RuntimeError` before any write happens.

No unit test in this PR: the script lacks an `if __name__ == "__main__":` guard (PR #22 covers that), which means it cannot be imported without running the argparse + download + rmtree flow. The check is small and easy to review inline; once #22 lands, a follow-up can extract it into a testable helper.

See ai/improvements_2026-05-09.md item #11.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Problem.

`ZipFile.extractall()` will write outside the target directory if the archive contains entries with `..` or absolute paths. Boost releases are trusted, but the URL is unauthenticated and `--version` is user-supplied — a mirror compromise or a typo pointing at the wrong asset shouldn't be able to overwrite arbitrary files on the host.

Fix.

`boost_headers/update_command.py` — before `extractall`, resolve each `namelist()` entry against `script_dir.resolve()` and call `Path.relative_to()`. Anything that escapes raises `RuntimeError` before any write happens.

No unit test in this PR. The script lacks an `if __name__ == "__main__":` guard (item #22, in the cleanup batch PR), so it cannot be imported without running the argparse + download + rmtree flow. The check is small and reviewable inline; once #22 lands, a follow-up can extract the guard into a testable helper. Full suite still 316/316.
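The guard the PR describes, written out as an added example (not the PR's own code): it takes `script_dir` as a parameter instead of the script's module-level variable, and builds a constructed in-memory archive so the benign, `..` and absolute-path cases can be exercised without touching the network or the filesystem.

```python
import io
import zipfile
from pathlib import Path


def check_zip_members(zf: zipfile.ZipFile, script_dir: Path) -> list[Path]:
    """Zip-slip guard: return the resolved destination of every member, or
    raise RuntimeError before any write if a member would escape script_dir."""
    root = script_dir.resolve()
    destinations = []
    for name in zf.namelist():
        # Joining an absolute member name discards `root` entirely, and `..`
        # components climb out of it; resolve() then relative_to() catches both.
        dest = (root / name).resolve()
        try:
            dest.relative_to(root)
        except ValueError:
            raise RuntimeError(f"zip entry escapes {root}: {name!r}") from None
        destinations.append(dest)
    return destinations


def safe_extractall(zf: zipfile.ZipFile, script_dir: Path) -> None:
    """Extract only after every member has passed the guard."""
    check_zip_members(zf, script_dir)
    zf.extractall(script_dir)


def constructed_archive(names: list[str]) -> zipfile.ZipFile:
    """Build an in-memory archive whose member names are constructed test data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as out:
        for name in names:
            out.writestr(name, b"// constructed content\n")
    buf.seek(0)
    return zipfile.ZipFile(buf)


def guard_rejects(names: list[str], script_dir: Path = Path("boost_headers")) -> bool:
    """True if the guard refuses an archive containing these member names."""
    try:
        check_zip_members(constructed_archive(names), script_dir)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print(guard_rejects(["boost/version.hpp", "boost/config.hpp"]))  # False
    print(guard_rejects(["boost/version.hpp", "../../outside.txt"]))  # True
    print(guard_rejects(["/tmp/absolute.txt"]))                       # True
```

Rejecting the whole archive before the first write keeps a tampered asset from being partially applied, and it is loud: CPython's `ZipFile.extract()` has silently stripped leading separators and `..` components since 3.3.1, so without the explicit check a hostile entry would be written in sanitised form rather than refused.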