fix(sevenz): normalize backslash in entry names before validation#377
Merged
Conversation
…, #365) On Unix, entry names containing `\` (e.g. `..\..\\x`) were treated as a single path component by std's PathBuf, bypassing traversal detection in SafePath::validate. The upstream sevenz-rust2 safe_join that previously rejected these was removed in #375 when switching to for_each_entries. Add `formats::common::normalize_entry_name` that replaces `\` with `/` before PathBuf construction. Apply it in all three 7z entry-name sites: the extraction pre-validation loop, the extraction callback, and the list/verify path in inspection/list.rs. This ensures extract, list, and verify all agree on traversal detection. ZIP is unaffected (zip crate handles Windows paths internally via enclosed_name). TAR is correctly left un-normalized (`\` is a legal Unix filename character in TAR). Closes #376 Closes #365
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
formats::common::normalize_entry_namehelper that converts\to/in 7z entry names beforePathBufconstructioninspection/list.rs)SafePath::validatedoc commentBackground
When #375 switched the 7z handler from
decompress_with_extract_fntoArchiveReader::for_each_entries, the upstreamsafe_joincheck (which didreplace('\\', '/')) was bypassed. On Unix, a\-containing entry name like..\\..\xbecomes a singleNormalpath component inPathBuf, silently passing traversal detection. The extract path would accept the entry; the list/verify path had the same gap.Test plan
test_7z_backslash_entry_rejected— asserts..\\..\\x→PathTraversalerror on all platformscargo nextest run --workspace --all-features --exclude exarch-python --exclude exarch-node— 932 tests passcargo test --doc -p exarch-core --all-features— 98 doc-tests passcargo clippy --workspace --all-targets --all-features -- -D warnings— cleanRUSTDOCFLAGS="-D warnings" cargo doc --no-deps --all-features --workspace— cleanCloses #376
Closes #365