Python 3.12 adds further protection for tarfile module #1025

Closed
ericwb opened this issue May 7, 2023 · 0 comments · Fixed by #1111
Labels
enhancement New feature or request

ericwb commented May 7, 2023

Is your feature request related to a problem? Please describe.
From Python 3.12 docs:

The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features that may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details. In Python 3.14, the default will switch to 'data'. (Contributed by Petr Viktorin in PEP 706.)

Describe the solution you'd like
Bandit should take advantage of this new tarfile function.

Describe alternatives you've considered
n/a

Additional context
https://docs.python.org/3.12/whatsnew/3.12.html#new-features

Love this idea? Give it a 👍. We prioritize fulfilling features with the most 👍.
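
An added example (not part of the issue and not Bandit's own plugin code): a minimal `ast`-based check of the kind requested above, flagging `extract()`/`extractall()` calls that omit `filter` or explicitly select the unrestricted one. The function names, the sample source and the matching heuristic are assumptions made for illustration.

```python
import ast

# Constructed sample source to scan (not taken from any real project).
SAMPLE = '''
import tarfile
with tarfile.open("a.tar") as tf:
    tf.extractall("out")
    tf.extractall("out", filter="fully_trusted")
    tf.extractall("out", filter="data")
    tf.extract("member", "out", filter=tarfile.data_filter)
    tf.extractall("out", filter=tarfile.fully_trusted_filter)
'''

EXTRACT_METHODS = {"extract", "extractall"}
# filter=None keeps the pre-3.14 default, which behaves like 'fully_trusted'.
UNRESTRICTED = {None, "fully_trusted", "fully_trusted_filter"}


def _filter_name(value):
    """Reduce the filter= expression to a comparable name, if it is static."""
    if isinstance(value, ast.Constant):
        return value.value
    if isinstance(value, ast.Attribute):
        return value.attr
    if isinstance(value, ast.Name):
        return value.id
    return "<dynamic>"  # computed at runtime; this check cannot decide


def find_unfiltered_extractions(source):
    """Return sorted (lineno, reason) pairs for risky extraction calls.

    Heuristic (assumption): any attribute call named extract/extractall is
    treated as a tarfile call, so zipfile objects need a type-aware refinement.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr in EXTRACT_METHODS):
            continue
        # filter is keyword-only in both methods, so only keywords matter.
        kw = next((k for k in node.keywords if k.arg == "filter"), None)
        if kw is None:
            findings.append((node.lineno, "no filter argument"))
        elif _filter_name(kw.value) in UNRESTRICTED:
            findings.append((node.lineno, "unrestricted filter"))
    return sorted(findings)
```
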
