Skip to content

fix(parse): prevent Zip Slip path traversal in _extract_zip (CWE-22) #89

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MaojiaSheng merged 1 commit into from
Feb 7, 2026
Merged

fix(parse): prevent Zip Slip path traversal in _extract_zip (CWE-22) #89

MaojiaSheng merged 1 commit into from
Feb 7, 2026
+222 −2

Conversation

@ze-mu-zhou
Copy link
Contributor

@ze-mu-zhou ze-mu-zhou commented Feb 7, 2026

Description

CodeRepositoryParser._extract_zip() calls zipfile.extractall() without validating member paths. An attacker can craft a malicious zip containing entries like ../../evil.txt, /etc/passwd, C:\evil.txt, ..\..\evil.txt, \server\share\evil.txt, or symlink entries to write files outside the target directory during extraction (Zip Slip, CWE-22).

This PR replaces extractall() with per-member extraction and implements 5-layer defense-in-depth:

  1. Skip directory entries (info.is_dir() + stat.S_ISDIR) — directories are created implicitly when extracting their children
  2. Skip symlink entries (stat.S_ISLNK) — prevents symlink-based escapes to external paths
  3. Pre-extraction rejection of raw filename — raise ValueError if raw path contains .. components, is absolute, or has a drive letter
  4. Post-normalization verification — normalize path using the same algorithm as zipfile._extract_member, then verify with Path.is_relative_to()
  5. Post-extraction verification — verify the actual path written to disk, clean up and raise ValueError if it escapes

Related Issue

No existing issue. Vulnerability discovered via code audit.

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactoring (no functional changes)
  • Performance improvement
  • Test update

Changes Made

  • Replace zip_ref.extractall(target_dir) with per-member safe extraction and 5-layer path validation (code.py +50/-2)
  • Add import stat and from pathlib import PurePosixPath
  • Add tests/misc/test_extract_zip.py (11 regression tests)
  • Update tests/README.md with missing entries for the misc/ test directory

Testing

  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have tested this on the following platforms:
    • Linux
    • macOS
    • Windows

11 test cases covering the following scenarios:

Category Test Case Expected Behavior
Normal extraction Multi-file zip, stem name return No regression, files extracted correctly
../ traversal ../../evil.txt raise ValueError, no file escape
Absolute path /etc/passwd raise ValueError, no file escape
Nested traversal foo/../../evil.txt raise ValueError, no file escape
Windows drive path C:\evil.txt raise ValueError, no file escape
Backslash traversal ..\..\evil.txt raise ValueError, no file escape
UNC path \server\share\evil.txt raise ValueError, no file escape
Symlink entry external_attr set to S_IFLNK Silently skipped, not extracted
.. normalization ./.. (contains .., normalizes to empty) raise ValueError (fail-fast, .. rejected before normalization)
Directory entry mydir/ Silently skipped, child files extracted normally

All attack vectors verified as successfully blocked on Windows + Python 3.13.

Checklist

  • My code follows the project's coding style
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • Any dependent changes have been merged and published

Additional Notes

Behavioral impact: No change for legitimate zip files. extractall() is replaced with equivalent per-member extract() calls (internally, extractall is just a loop over extract). The only new behavior is raising ValueError on malicious entries.

Performance impact: Negligible. All added checks are in-memory string operations (split, replace, is_relative_to) with no additional I/O.

Fail-fast design decision: The implementation raises ValueError immediately upon detecting a malicious entry, rather than skipping it and continuing. A zip containing malicious entries is considered untrustworthy as a whole — continuing to extract remaining members carries risk. Fail-fast ensures the caller is notified and can handle the exception.

Python compatibility: The project requires Python 3.9+, and zipfile's built-in ../ sanitization was only added in Python 3.12+. On Python 3.9–3.11, extractall() performs no path traversal protection at all, making this fix necessary. Even on Python 3.12+, this fix provides independent defense covering attack vectors that zipfile does not handle (symlink entries, absolute paths, drive letter paths).

@ze-mu-zhou
fix(parse): prevent Zip Slip path traversal in _extract_zip (CWE-22)
ed5290a 
Replace unsafe zipfile.extractall() with per-member extraction
and 5-layer defense-in-depth validation.
@ze-mu-zhou ze-mu-zhou marked this pull request as ready for review February 7, 2026 05:41
@MaojiaSheng
Copy link
Collaborator

MaojiaSheng commented Feb 7, 2026

good job

@MaojiaSheng MaojiaSheng merged commit 0b6f864 into volcengine:main Feb 7, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MaojiaSheng MaojiaSheng MaojiaSheng approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ze-mu-zhou @MaojiaSheng