Merge pull request #775 from onekey-sec/safe_tar_symlinks_fix

Fix SafeTarFile symlinks extraction

Co-authored-by: Andrew Fasano <fasano@mit.edu>

Author: e3krisztian

tests/integration/archive/tar/__input__/symlinks.tar

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:152c7a03b3b3276f8a7527bfde01f26b0c4f2ae3f705a6deac0183d8bac2ba1c
+size 10240

tests/integration/archive/tar/__output__/absolute.tar_extract/absolute/absolute-symlink

@@ -1 +1 @@
-absolute/absolute-file
+absolute-file

tests/integration/archive/tar/__output__/absolute.tar_extract/absolute/link_to_etc_shadow

@@ -1 +1 @@
-etc/shadow
+../etc/shadow

tests/integration/archive/tar/__output__/symlinks.tar_extract/test/bin/busybox

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:58eaf5a78d580f5dbd49d31a5b733094169b31bfdf49055b74bcac2877d8f58c
+size 7

tests/integration/archive/tar/__output__/symlinks.tar_extract/test/sbin/cp

@@ -0,0 +1 @@
+../bin/busybox

tests/integration/archive/tar/__output__/symlinks.tar_extract/test/sbin/find

@@ -0,0 +1 @@
+../bin/busybox

tests/integration/archive/tar/__output__/symlinks.tar_extract/test/sbin/ln

@@ -0,0 +1 @@
+../bin/busybox

tests/integration/archive/tar/__output__/symlinks.tar_extract/test/sbin/ls

@@ -0,0 +1 @@
+../bin/busybox

tests/integration/archive/tar/__output__/symlinks.tar_extract/test/sbin/mv

@@ -0,0 +1 @@
+../../bin/busybox

tests/test_file_utils.py

@@ -25,7 +25,7 @@
     round_down,
     round_up,
 )
-from unblob.report import PathTraversalProblem
+from unblob.report import LinkExtractionProblem, PathTraversalProblem
 
 
 @pytest.mark.parametrize(
@@ -503,6 +503,30 @@ def test_create_symlink(self, sandbox: FileSystem):
         assert os.readlink(output_path) == "target file"
         assert sandbox.problems == []
 
+    def test_create_symlink_target_inside_sandbox(self, sandbox: FileSystem):
+        # ./sbin/shell -> ../bin/sh
+        sandbox.mkdir(Path("bin"))
+        sandbox.write_bytes(Path("bin/sh"), b"posix shell")
+        sandbox.mkdir(Path("sbin"))
+        sandbox.create_symlink(Path("../bin/sh"), Path("sbin/shell"))
+
+        output_path = sandbox.root / "sbin/shell"
+        assert output_path.read_bytes() == b"posix shell"
+        assert output_path.exists()
+        assert os.readlink(output_path) == "../bin/sh"
+        assert sandbox.problems == []
+
+    def test_create_symlink_target_outside_sandbox(self, sandbox: FileSystem):
+        # /shell -> ../bin/sh
+        sandbox.mkdir(Path("bin"))
+        sandbox.write_bytes(Path("bin/sh"), b"posix shell")
+        sandbox.create_symlink(Path("../bin/sh"), Path("/shell"))
+
+        assert any(p for p in sandbox.problems if isinstance(p, LinkExtractionProblem))
+        output_path = sandbox.root / "shell"
+        assert not output_path.exists()
+        assert not output_path.is_symlink()
+
     def test_create_symlink_absolute_paths(self, sandbox: FileSystem):
         sandbox.write_bytes(Path("target file"), b"test content")
         sandbox.create_symlink(Path("/target file"), Path("/symlink"))