Path Traversal in Tarfile Extraction
Description
The `tarfile.open($PATH).extractall()` call is vulnerable to path traversal when the archive comes from an untrusted source: member names containing `..` segments or absolute paths are written outside the intended destination directory. This can lead to arbitrary file writes and potentially code execution.
Examples
Insecure Code

```python
import tarfile

# Extracts every member as named, including names that escape the destination
tarfile.open('example.tar').extractall()
```

Secure Code

```python
import tarfile

# `members` takes TarInfo objects, not names: build an explicit allow-list
with tarfile.open('example.tar') as tar:
    allowed = [m for m in tar.getmembers() if m.name == 'allowed_file.txt']
    tar.extractall(members=allowed)
```

Remediation
Pass the `members` parameter to `extractall` with an explicit allow-list of `TarInfo` objects, or validate each member's name against a whitelist of allowed paths before extracting it.
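As an added example (not part of the rule's own code), the allow-list approach generalised to a per-member check that each name and link target, once resolved, stays inside the destination; the sample archive with a `../` entry is constructed inline.

```python
import io
import os
import tarfile
import tempfile


def is_within(base: str, target: str) -> bool:
    """True if `target`, fully resolved, lies inside directory `base`."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def safe_members(tar: tarfile.TarFile, dest: str):
    """Yield only members whose final location stays inside `dest`.
    Drops absolute names, '..' traversal, and links pointing outside dest."""
    for member in tar.getmembers():
        target = os.path.join(dest, member.name)
        if not is_within(dest, target):
            continue
        if member.issym() or member.islnk():
            # symlink targets are relative to the link's directory,
            # hard-link targets are relative to the archive root
            base_dir = os.path.dirname(target) if member.issym() else dest
            if not is_within(dest, os.path.join(base_dir, member.linkname)):
                continue
        yield member


def build_demo_tar() -> bytes:
    """Constructed sample archive: one benign entry and one traversal entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode='w') as tar:
        for name in ('allowed_file.txt', '../escaped.txt'):
            data = b'hello\n'
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def demo() -> list:
    """Extract the demo archive into a temp dir; return the names extracted."""
    with tempfile.TemporaryDirectory() as dest, \
            tarfile.open(fileobj=io.BytesIO(build_demo_tar())) as tar:
        kept = list(safe_members(tar, dest))
        tar.extractall(path=dest, members=kept)
        return [m.name for m in kept]  # returns ['allowed_file.txt']
```

On Python 3.12+ (and the security backports in 3.8.17, 3.9.17, 3.10.12 and 3.11.4), `extractall(filter='data')` performs equivalent checks natively and is the preferred fix where available.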
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0516 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-22 |
| Confidence | MEDIUM |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | path traversal, tarfile |
| OWASP | N/A |