Skip to content

Commit

Permalink
feat: guard tar extraction
Browse files Browse the repository at this point in the history 
Signed-off-by: Hiroshi Miura <miurahr@linux.com>
  • Loading branch information
@miurahr
miurahr committed Aug 24, 2023
1 parent ebc8175 commit 3c8ef66
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion aqt/installer.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1226,7 +1226,11 @@ def download_bin(_base_url):

if tarfile.is_tarfile(archive):
with tarfile.open(archive) as tar_archive:
tar_archive.extractall(path=base_dir)
if hasattr(tarfile, 'data_filter'):
tar_archive.extractall(path=base_dir, filter='tar')
else:
logger.info('Extracting tar may be unsafe; consider updating Python')
tar_archive.extractall(path=base_dir)
elif zipfile.is_zipfile(archive):
with zipfile.ZipFile(archive) as zip_archive:
zip_archive.extractall(path=base_dir)
Expand Down

0 comments on commit 3c8ef66

Please sign in to comment.