fix: update tar traversal to respect current director entry (#225)

spiffcs · web-flow · commit fe426d1b1c84 · 2024-02-29T12:55:58.000-05:00
* fix: update tar traversal to respect current director entry
---------
Signed-off-by: Christopher Phillips &lt;christopher.phillips@anchore.com&gt;
diff --git a/pkg/file/tarutil.go b/pkg/file/tarutil.go
@@ -147,7 +147,9 @@ func (v tarVisitor) visit(entry TarFileEntry) error {
 	target := filepath.Join(v.destination, entry.Header.Name)
 
 	// we should not allow for any destination path to be outside of where we are unarchiving to
-	if !strings.HasPrefix(target, v.destination+string(os.PathSeparator)) {
+	// "." is a special case that we allow (it is the root of the unarchived content)
+	withinDir := v.destination + string(os.PathSeparator)
+	if !strings.HasPrefix(target, withinDir) && entry.Header.Name != "." {
 		return fmt.Errorf("potential path traversal attack with entry: %q", entry.Header.Name)
 	}
 
@@ -157,6 +159,10 @@ func (v tarVisitor) visit(entry TarFileEntry) error {
 		log.WithFields("path", entry.Header.Name).Trace("skipping symlink/link entry in image tar")
 
 	case tar.TypeDir:
+		// we don't need to do anything for directories, they are created as needed
+		if entry.Header.Name == "." {
+			return nil
+		}
 		if _, err := v.fs.Stat(target); err != nil {
 			if err := v.fs.MkdirAll(target, 0755); err != nil {
 				return err
diff --git a/pkg/file/tarutil_test.go b/pkg/file/tarutil_test.go
@@ -279,6 +279,20 @@ func Test_tarVisitor_visit(t *testing.T) {
 			},
 			wantErr: require.Error,
 		},
+		{
+			name: "local . index is not a traversal error and should skip",
+			entry: TarFileEntry{
+				Sequence: 0,
+				Header: tar.Header{
+					Typeflag: tar.TypeDir,
+					Name:     ".",
+					Linkname: "",
+					Size:     2,
+				},
+				Reader: strings.NewReader("hi"),
+			},
+			assertFs: []func(t testing.TB, fs afero.Fs){},
+		},
 		{
 			name: "regular file with possible path traversal errors out (same prefix)",
 			entry: TarFileEntry{
