From 78ac8c36c21dd620dba3e45fd9cda0d206ab85a2 Mon Sep 17 00:00:00 2001
From: "Yue (Knox) Liu" <64764840+yueyueL@users.noreply.github.com>
Date: Sun, 4 Jan 2026 13:11:47 +0800
Subject: [PATCH 1/3] Fix Zip Slip vulnerability in NGC private bundle download

Replaced the unsafe `zipfile.extractall()` in `_download_from_ngc_private` with MONAI's safe extraction utility. Prevents path traversal via crafted zip member paths (CWE-22).

Signed-off-by: Yue (Knox) Liu <64764840+yueyueL@users.noreply.github.com>
---
 monai/bundle/scripts.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/monai/bundle/scripts.py b/monai/bundle/scripts.py
index 2046a6242a..f0c35ff458 100644
--- a/monai/bundle/scripts.py
+++ b/monai/bundle/scripts.py
@@ -30,7 +30,7 @@
 from torch.cuda import is_available
 
 from monai._version import get_versions
-from monai.apps.utils import _basename, download_url, extractall, get_logger
+from monai.apps.utils import _basename, download_url, extractall, get_logger, _extract_zip
 from monai.bundle.config_parser import ConfigParser
 from monai.bundle.utils import DEFAULT_INFERENCE, DEFAULT_METADATA, merge_kv
 from monai.bundle.workflows import BundleWorkflow, ConfigWorkflow
@@ -288,10 +288,8 @@ def _download_from_ngc_private(
     if remove_prefix:
         filename = _remove_ngc_prefix(filename, prefix=remove_prefix)
     extract_path = download_path / f"(unknown)"
-    with zipfile.ZipFile(zip_path, "r") as z:
-        z.extractall(extract_path)
-        logger.info(f"Writing into directory: {extract_path}.")
-
+    _extract_zip(zip_path, extract_path)
+    logger.info(f"Writing into directory: {extract_path}.")
 
 def _get_ngc_token(api_key, retry=0):
     """Try to connect to NGC."""
From af6c05342f40c8ab510f8e220bd740aee489152a Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Sun, 4 Jan 2026 05:15:09 +0000
Subject: [PATCH 2/3] [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
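Review bot: The swap to `_extract_zip(zip_path, extract_path)` ships without a regression test or a comment recording what the helper actually guards (the diffstat lists only scripts.py), so nothing pins the CWE-22 fix the title claims. CPython's own `ZipFile.extractall` already strips absolute prefixes and `..` components from member names, so the gain here depends on what `_extract_zip` adds beyond that — rejecting members that resolve outside `extract_path` after normalisation, symlink members, or size limits — none of which is visible in this hunk. A comment such as `# _extract_zip is the sanitised extractor: every member must resolve under extract_path (zip slip, CWE-22)` would record the intent, wording to be confirmed against monai.apps.utils, and a test that writes a zip containing a `../escape.txt` member into a tmp dir and asserts nothing lands outside the target directory would make the fix verifiable. The same import line already brings in the public `extractall` from that module; if its zip path is the same sanitised routine, prefer it to importing a private `_extract_zip` across modules, after checking whether its extra options (e.g. skipping an already-existing output directory) would change behaviour here. `_download_from_ngc_private` starts before this hunk.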
Signed-off-by: Yue (Knox) Liu <64764840+yueyueL@users.noreply.github.com>
---
 monai/bundle/scripts.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/monai/bundle/scripts.py b/monai/bundle/scripts.py
index f0c35ff458..687d6de00e 100644
--- a/monai/bundle/scripts.py
+++ b/monai/bundle/scripts.py
@@ -17,7 +17,6 @@
 import re
 import urllib
 import warnings
-import zipfile
 from collections.abc import Mapping, Sequence
 from functools import partial
 from pathlib import Path
From 4daa3d307fd95571bd4a02d40b2fac48c0a796c6 Mon Sep 17 00:00:00 2001
From: "Yue (Knox) Liu" <64764840+yueyueL@users.noreply.github.com>
Date: Mon, 5 Jan 2026 09:26:41 +0000
Subject: [PATCH 3/3] style: fix isort import order

Signed-off-by: Yue (Knox) Liu <64764840+yueyueL@users.noreply.github.com>
---
 monai/bundle/scripts.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/monai/bundle/scripts.py b/monai/bundle/scripts.py
index 687d6de00e..9fdee6acd0 100644
--- a/monai/bundle/scripts.py
+++ b/monai/bundle/scripts.py
@@ -29,7 +29,7 @@
 from torch.cuda import is_available
 
 from monai._version import get_versions
-from monai.apps.utils import _basename, download_url, extractall, get_logger, _extract_zip
+from monai.apps.utils import _basename, _extract_zip, download_url, extractall, get_logger
 from monai.bundle.config_parser import ConfigParser
 from monai.bundle.utils import DEFAULT_INFERENCE, DEFAULT_METADATA, merge_kv
 from monai.bundle.workflows import BundleWorkflow, ConfigWorkflow
@@ -290,6 +290,7 @@ def _download_from_ngc_private(
     _extract_zip(zip_path, extract_path)
     logger.info(f"Writing into directory: {extract_path}.")
 
+
 def _get_ngc_token(api_key, retry=0):
     """Try to connect to NGC."""
     url = "https://authn.nvidia.com/token?service=ngc"