author | Zac Medico <zmedico@gentoo.org> | 2024-06-02 14:53:04 -0700 |
---|---|---|
committer | Zac Medico <zmedico@gentoo.org> | 2024-06-09 10:53:31 -0700 |
commit | f620a0769a509966295954c2b0c76e46e8fb4289 (patch) | |
tree | efad0d3bb0d918c2dcdd0ae475295217758d44e7 | |
parent | sync/zipfile: Install zipfile sync method (diff) | |
tar_safe_extract: Use tarfile.fully_trusted_filter
This suppresses a DeprecationWarning triggered because the
tarfile.data_filter will become the new default in python3.14.
The fully_trusted filter should be suitable here because
tar_safe_extract already performs security validation on
tar members prior to extraction.
Bug: https://bugs.gentoo.org/933433
Signed-off-by: Zac Medico <zmedico@gentoo.org>
-rw-r--r-- | lib/portage/gpkg.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/portage/gpkg.py b/lib/portage/gpkg.py
index 9606f6d3c..fdb54c69b 100644
--- a/lib/portage/gpkg.py
+++ b/lib/portage/gpkg.py
@@ -628,6 +628,15 @@ class tar_safe_extract:
 if self.closed:
 raise OSError("Tar file is closed.")
 temp_dir = tempfile.TemporaryDirectory(dir=dest_dir)
+ # The below tar member security checks can be refactored as a filter function
+ # that raises an exception. Use tarfile.fully_trusted_filter for now, which
+ # is simply an identity function:
+ # def fully_trusted_filter(member, dest_path):
+ # return member
+ try:
+ self.tar.extraction_filter = tarfile.fully_trusted_filter
+ except AttributeError:
+ pass
 try:
 while True:
 member = self.tar.next() |
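Review bot: Assigning `tarfile.fully_trusted_filter` to `self.tar.extraction_filter` turns off all of tarfile's built-in member checks (absolute paths, `..` components, links resolving outside the destination, device nodes, mode-bit stripping), so safe extraction now rests entirely on the member validation in the loop that follows, which lies outside this hunk. The added comment should say that outright, for example `# SECURITY: fully_trusted_filter disables tarfile's own path/link/device checks; the member validation below is the only guard and must stay complete.` The `except AttributeError: pass` branch also deserves a why-comment such as `# tarfile predates extraction filters (PEP 706); there is no default filter to override`. Because the filter is set on the shared `self.tar` object rather than passed per call, it presumably applies to every later extraction through that handle, which is worth confirming against the rest of the class.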