Skip to content

Security

provide.foundation.archive.security

Archive extraction security utilities.

Provides path validation to prevent common archive extraction vulnerabilities.

Functions

is_safe_path 

is_safe_path(base_dir: Path, target_path: str) -> bool

Validate that a path is safe for extraction.

Prevents: - Path traversal attacks (..) - Absolute paths - Symlinks that point outside base directory

Uses modern Path.is_relative_to() for robust path containment checks, avoiding string manipulation vulnerabilities.

Parameters:

Name Type Description Default
base_dir Path

Base extraction directory

 required
target_path str

Path to validate

 required

Returns:

Type Description
bool

True if path is safe, False otherwise

Examples:

>>> base = Path("/tmp/extract")
>>> is_safe_path(base, "file.txt")  # Safe
True
>>> is_safe_path(base, "../etc/passwd")  # Path traversal
False
>>> is_safe_path(base, "/etc/passwd")  # Absolute path
False
Source code in provide/foundation/archive/security.py 
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
def is_safe_path(base_dir: Path, target_path: str) -> bool:
    """Validate that a path is safe for extraction.

    Prevents:
    - Path traversal attacks (..)
    - Absolute paths
    - Symlinks that point outside base directory

    Uses modern Path.is_relative_to() for robust path containment checks,
    avoiding string manipulation vulnerabilities.

    Args:
        base_dir: Base extraction directory
        target_path: Path to validate

    Returns:
        True if path is safe, False otherwise

    Examples:
        >>> base = Path("/tmp/extract")
        >>> is_safe_path(base, "file.txt")  # Safe
        True
        >>> is_safe_path(base, "../etc/passwd")  # Path traversal
        False
        >>> is_safe_path(base, "/etc/passwd")  # Absolute path
        False
    """
    # Check for absolute paths
    if Path(target_path).is_absolute():
        return False

    # Check for path traversal patterns
    if ".." in Path(target_path).parts:
        return False

    # Normalize and resolve the full path
    try:
        full_path = (base_dir / target_path).resolve()
        base_resolved = base_dir.resolve()

        # Use modern is_relative_to() for robust containment check
        # This catches symlinks and other tricks without string manipulation
        return full_path.is_relative_to(base_resolved)
    except (ValueError, OSError):
        return False