Skip to content

Fix ZipSlip path traversal vulnerability in ArtifactTool zip extraction#47523

Draft
Copilot wants to merge 2 commits into
mainfrom
copilot/fix-code-for-review-comment
Draft

Fix ZipSlip path traversal vulnerability in ArtifactTool zip extraction#47523
Copilot wants to merge 2 commits into
mainfrom
copilot/fix-code-for-review-comment

Conversation

Copilot AI commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

_redirect_artifacts_tool_path was calling ZipFile.extractall() directly without validating member paths, leaving it open to ZipSlip/path traversal attacks where a malicious zip could write files outside the intended temp directory.

Changes

  • _artifact_utils.py: Replace extractall() with member-by-member extraction using infolist() (covers directories as well as files); resolve each member's path and assert it stays within the target directory before extracting; raise RuntimeError on any unsafe entry.
artifacts_tool_resolved = Path(artifacts_tool_path).resolve()
for member_info in zip_file.infolist():
    member_resolved = (artifacts_tool_resolved / member_info.filename).resolve()
    if not member_resolved.is_relative_to(artifacts_tool_resolved):
        raise RuntimeError(
            f"Unsafe path in zip archive: '{member_info.filename}' resolves outside the target directory."
        )
    zip_file.extract(member_info, artifacts_tool_path)

@ayushhgarg-work
Fix ZipSlip path traversal vulnerability in ArtifactTool zip extraction
869e21c 
Replace unsafe `ZipFile.extractall()` with member-by-member extraction
that validates each entry's resolved path stays within the target
directory using `infolist()` for complete coverage including directories.

Co-authored-by: ayushhgarg-work <259261949+ayushhgarg-work@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix code for review comment in PR 46714 Fix ZipSlip path traversal vulnerability in ArtifactTool zip extraction Jun 16, 2026
Copilot AI requested a review from ayushhgarg-work June 16, 2026 10:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ayushhgarg-work ayushhgarg-work Awaiting requested review from ayushhgarg-work

@achauhan-scc achauhan-scc Awaiting requested review from achauhan-scc achauhan-scc will be requested when the pull request is marked ready for review achauhan-scc is a code owner

@arunsu arunsu Awaiting requested review from arunsu arunsu will be requested when the pull request is marked ready for review arunsu is a code owner

@jayesh-tanna jayesh-tanna Awaiting requested review from jayesh-tanna jayesh-tanna will be requested when the pull request is marked ready for review jayesh-tanna is a code owner

@JustinFirsching JustinFirsching Awaiting requested review from JustinFirsching JustinFirsching will be requested when the pull request is marked ready for review JustinFirsching is a code owner

@kingernupur kingernupur Awaiting requested review from kingernupur kingernupur will be requested when the pull request is marked ready for review kingernupur is a code owner

@nick863 nick863 Awaiting requested review from nick863 nick863 will be requested when the pull request is marked ready for review nick863 is a code owner

@NonStatic2014 NonStatic2014 Awaiting requested review from NonStatic2014 NonStatic2014 will be requested when the pull request is marked ready for review NonStatic2014 is a code owner

@novaturient95 novaturient95 Awaiting requested review from novaturient95 novaturient95 will be requested when the pull request is marked ready for review novaturient95 is a code owner

@raduk raduk Awaiting requested review from raduk raduk will be requested when the pull request is marked ready for review raduk is a code owner

@rtanase rtanase Awaiting requested review from rtanase rtanase will be requested when the pull request is marked ready for review rtanase is a code owner

@sharma-riti sharma-riti Awaiting requested review from sharma-riti sharma-riti will be requested when the pull request is marked ready for review sharma-riti is a code owner

@vivram vivram Awaiting requested review from vivram vivram will be requested when the pull request is marked ready for review vivram is a code owner

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees

Copilot code review Copilot

@ayushhgarg-work ayushhgarg-work

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ayushhgarg-work