Commit message:
planemo upload for repository https://github.com/galaxyproject/tools-iuc/tree/master/data_managers/data_manager_qiime_database_downloader commit 09b56ef3e09ad6c5923c88616fea5cbd77d87616 |
modified:
data_manager/data_manager_qiime_download.py data_manager/data_manager_qiime_download.xml |
diff -r cc18f0f3514c -r c4dba88e85ef data_manager/data_manager_qiime_download.py
--- a/data_manager/data_manager_qiime_download.py Sun Nov 22 12:53:09 2020 +0000
+++ b/data_manager/data_manager_qiime_download.py Mon Dec 18 09:36:52 2023 +0000 |
@@ -183,7 +183,20 @@
 archive_content_path = "tmp"
 if ext == "tar.gz" or ext == "tgz":
 with tarfile.open(filepath) as tar:
- tar.extractall(path=archive_content_path)
+ def is_within_directory(directory, target):
+ abs_directory = os.path.abspath(directory)
+ abs_target = os.path.abspath(target)
+ prefix = os.path.commonprefix([abs_directory, abs_target])
+ return prefix == abs_directory
+
+ def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
+ for member in tar.getmembers():
+ member_path = os.path.join(path, member.name)
+ if not is_within_directory(path, member_path):
+ raise Exception("Attempted Path Traversal in Tar File")
+ tar.extractall(path, members, numeric_owner=numeric_owner)
+
+ safe_extract(tar, path=archive_content_path)
 archive_content_path = find_archive_content_path(archive_content_path)
 elif ext == "zip":
 with zipfile.ZipFile(filepath, 'r') as zip_ref: |
diff -r cc18f0f3514c -r c4dba88e85ef data_manager/data_manager_qiime_download.xml
--- a/data_manager/data_manager_qiime_download.xml Sun Nov 22 12:53:09 2020 +0000
+++ b/data_manager/data_manager_qiime_download.xml Mon Dec 18 09:36:52 2023 +0000 |
@@ -1,4 +1,4 @@
-<tool id="data_manager_qiime_download" name="Download QIIME reference databases" version="1.9.1" tool_type="manage_data">
+<tool id="data_manager_qiime_download" name="Download QIIME reference databases" version="1.9.2" tool_type="manage_data">
 <description></description>
 <requirements>
 <requirement type="package" version="2.13.0">requests</requirement>
@@ -90,6 +90,5 @@
 ]]></help>
 <citations>
 <citation type="doi">10.1038/nmeth.f.303</citation>
- <yield />
 </citations>
 </tool>
\ No newline at end of file |