From: Andreas Schneider Date: Tue, 6 Jun 2023 14:06:57 +0000 (+0200) Subject: python:tests: Adopt safe_tarfile for extraction_filter raises X-Git-Tag: samba-4.18.4~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4a79ee44c311f1a78de9fc9d2b8bc73fb4987719;p=thirdparty%2Fsamba.git python:tests: Adopt safe_tarfile for extraction_filter raises BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390 Signed-off-by: Andreas Schneider Reviewed-by: Douglas Bagnall (cherry picked from commit ebaa00816259cbae5c45ebf0ba5fb260b09e4695) --- diff --git a/python/samba/tests/safe_tarfile.py b/python/samba/tests/safe_tarfile.py index 40aa9e17d4a..cf9b725afcb 100644 --- a/python/samba/tests/safe_tarfile.py +++ b/python/samba/tests/safe_tarfile.py @@ -43,9 +43,16 @@ class SafeTarFileTestCase(TestCaseInTempDir): stf = safe_tarfile.open(tarname) - self.assertRaises(tarfile.ExtractError, - stf.extractall, - tarname) + # We we have data_filter, we have a patched python to address + # CVE-2007-4559. + if hasattr(tarfile, "data_filter"): + self.assertRaises(tarfile.OutsideDestinationError, + stf.extractall, + tarname) + else: + self.assertRaises(tarfile.ExtractError, + stf.extractall, + tarname) self.rm_files('x', 'tar.tar') def test_slash(self): @@ -60,8 +67,16 @@ class SafeTarFileTestCase(TestCaseInTempDir): tf.close() stf = safe_tarfile.open(tarname) - self.assertRaises(tarfile.ExtractError, - stf.extractall, - tarname) + + # We we have data_filter, we have a patched python to address + # CVE-2007-4559. + if hasattr(tarfile, "data_filter"): + self.assertRaises(NotADirectoryError, + stf.extractall, + tarname) + else: + self.assertRaises(tarfile.ExtractError, + stf.extractall, + tarname) self.rm_files('x', 'tar.tar')