Fix #21003: Validate extraction paths to prevent Zip Slip path traversal#21345
Open
R-Panic wants to merge 1 commit intosmartcontractkit:developfrom
Open
Fix #21003: Validate extraction paths to prevent Zip Slip path traversal#21345R-Panic wants to merge 1 commit intosmartcontractkit:developfrom
R-Panic wants to merge 1 commit intosmartcontractkit:developfrom
Conversation
- Added path validation using filepath.Clean to ensure extracted files stay within target directory - Strips directory components using filepath.Base() to flatten extraction - Added check for invalid filenames (., .., empty) - Added safety verification that resolved path is within target directory - Added comprehensive test suite for Zip Slip scenarios - Protects against RCE via malicious archives attempting to write outside target directory Fixes smartcontractkit#21003
R-Panic
requested review from
0xAustinWang,
agusaldasoro,
asoliman92,
b-gopalswami,
chris-de-leon-cll,
ogtownsend and
winder
product-security-plaid-production
bot
requested review from
DimitriosNaikopoulos and
fernandofederico1984
|
Hi team, I'll validate extraction paths to prevent Zip Slip path traversal vulnerabilities. This is a critical security fix. My approach:
Please assign! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #21003
Summary
Fixed a security vulnerability in
downloadProgramArtifactswhere files from tar.gz archives could be extracted without proper path validation, making the system vulnerable to Zip Slip (Path Traversal) attacks.Changes
Added path validation using
filepath.Clean()../../etc/passwd)Added filename validation
.(current directory), and..(parent directory)Implemented safe extraction
filepath.Base()Comprehensive test coverage
TestDownloadProgramArtifacts_PathTraversal_ZipSlipwith multiple attack vectorsTestDownloadProgramArtifacts_ValidExtractionto verify proper flatteningSecurity Impact
This fix prevents potential Remote Code Execution (RCE) or system compromise by blocking malicious archives attempting to overwrite critical system files.