git.ipfire.org Git - thirdparty/Python/cpython.git/commit
[3.13] gh-138158: Use the `"data"` tarfile extraction filter in `Tools/ssl/multisslte...
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Sat, 30 Aug 2025 10:49:45 +0000 (12:49 +0200)
committer GitHub <noreply@github.com>
Sat, 30 Aug 2025 10:49:45 +0000 (10:49 +0000)
commit 8dd027602dc57997a98bbb2fec3ee10473bf012f
tree b27891e0c1ffc3483a0bfcab68de78b9f4489dbd
parent 573589cf75f8fd60221aa46cf0fca06039e0c7a6
[3.13] gh-138158: Use the `"data"` tarfile extraction filter in `Tools/ssl/multissltests.py` (GH-138147) (#138263)

gh-138158: Use the `"data"` tarfile extraction filter in `Tools/ssl/multissltests.py` (GH-138147)

The `Tools/ssl/multissltests.py` script may extract a possibly untrusted tarball.
Since the script does not necessarily use Python 3.14 or later (where the `"data"`
filter became the default `tarfile` extraction filter), the user may theoretically
suffer from a path traversal attack.

Although the script should not be used in production and usually relies on downloading
trusted sources, the `"data"` extraction filter is now explicitly used wherever relevant.
(cherry picked from commit 31d3836f26096f9503ca68f4e89d927bc1e060cd)

Co-authored-by: Tommaso Bona <piergeolo@gmail.com>
Tools/ssl/multissltests.py