Use tarsafe instead of built-in tarfile to extract archives #89

Merged
merged 2 commits into from Nov 29, 2022
Use tarsafe instead of built-in tarfile to extract archives
christophetd committed Nov 29, 2022
commit a56aff58264cb6b7855d71b00dc10c39a5dbd306
4 changes: 2 additions & 2 deletions guarddog/scanners/package_scanner.py
Expand Up @@ -2,7 +2,7 @@
import os
import shutil
import sys
import tarfile
import tarsafe
import tempfile
import requests
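
Review bot: with `import tarfile` swapped for `import tarsafe`, a third-party package now sits in the middle of the standard-library imports (`sys`, `tempfile`). Move it down next to `requests` so the import grouping shows that archive extraction depends on an external package.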

Expand Down Expand Up @@ -44,7 +44,7 @@ def scan_local(self, path, rules=None) -> dict:
if os.path.exists(path):
if path.endswith('.tar.gz'):
with tempfile.TemporaryDirectory() as tmpdirname:
tarfile.open(path).extractall(tmpdirname)
tarsafe.open(path).extractall(tmpdirname)
return self.analyzer.analyze_sourcecode(tmpdirname, rules=rules)
elif os.path.isdir(path):
return self.analyzer.analyze_sourcecode(path, rules=rules)
14 changes: 13 additions & 1 deletion poetry.lock

Some generated files are not rendered by default.

1 change: 1 addition & 0 deletions pyproject.toml
Expand Up @@ -47,6 +47,7 @@ flake8 = "^5.0.4"
python-whois = "^0.8.0"
termcolor = "^2.1.0"
setuptools = "^65.6.3"
tarsafe = "^0.0.4"

[tool.poetry.dev-dependencies]
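
Review bot: the constraint `tarsafe = "^0.0.4"` resolves to exactly 0.0.4, because Poetry's caret rule for 0.0.x versions allows `>=0.0.4,<0.0.5`. Since this dependency now guards extraction of untrusted archives, state the intent explicitly: either write `0.0.4` as a deliberate pin and track upstream releases by hand, or use an explicit range if later fixes should be picked up on a lock refresh. The `poetry.lock` change is not rendered on this page, so the locked version and hashes should be checked there.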
