NA: Fix possible changes in files outside of working directory (#1206)

nvbn · Jun 8, 2021 · e343c57 · e343c57
1 parent 6da0bc5
commit e343c57
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/thefuck/rules/dirty_untar.py b/thefuck/rules/dirty_untar.py
@@ -41,6 +41,10 @@ def get_new_command(command):
 def side_effect(old_cmd, command):
     with tarfile.TarFile(_tar_file(old_cmd.script_parts)[0]) as archive:
         for file in archive.getnames():
+            if not os.path.abspath(file).startswith(os.getcwd()):
+                # it's unsafe to overwrite files outside of the current directory
+                continue
+
             try:
                 os.remove(file)
             except OSError:

diff --git a/thefuck/rules/dirty_unzip.py b/thefuck/rules/dirty_unzip.py
@@ -45,6 +45,10 @@ def get_new_command(command):
 def side_effect(old_cmd, command):
     with zipfile.ZipFile(_zip_file(old_cmd), 'r') as archive:
         for file in archive.namelist():
+            if not os.path.abspath(file).startswith(os.getcwd()):
+                # it's unsafe to overwrite files outside of the current directory
+                continue
+
             try:
                 os.remove(file)
             except OSError: