Update docker-image-extract.py #3457
RuslanSemchenko wants to merge 2 commits into JetBrains:master from
Conversation
Cursor Bugbot has reviewed your changes and found 2 potential issues.
| print(' --> skip device files') | ||
| def is_safe_path(basedir, path): | ||
| base = os.path.abspath(basedir) | ||
| target = os.path.abspath(path) |
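Review bot: is_safe_path builds base and target with os.path.abspath, which only normalises the string and never consults the filesystem, so a symlink that an earlier entry already dropped into basedir is not resolved. Use os.path.realpath for both values (basedir itself may be a symlink, and realpath resolves the existing prefix of a target that does not exist yet), and compare them with os.path.commonpath([base, target]) == base rather than a string prefix test, so that a sibling directory such as basedir + "2" cannot pass the check.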
Symlink bypass defeats tar slip path traversal protection
High Severity
is_safe_path uses os.path.abspath which only performs string manipulation and does not resolve symlinks. A malicious tar layer can first extract a symlink (e.g., link → /) inside the destination directory, then extract a file like link/etc/cron.d/evil. The os.path.abspath check sees the path as still within extracted_path, but layer_tar.extract follows the symlink and writes outside it. Using os.path.realpath instead of os.path.abspath for target would resolve already-extracted symlinks and correctly detect the traversal.
| dest = os.path.normpath(os.path.join(extracted_path, tarinfo.name)) | ||
| if not is_safe_path(extracted_path, dest): | ||
| print(f" [!] SECURITY WARNING: Skipping unsafe file (Path Traversal): {tarinfo.name}") | ||
| continue |
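Review bot: the guard at `if not is_safe_path(extracted_path, dest)` only inspects tarinfo.name; for entries where tarinfo.issym() or tarinfo.islnk() is true the same check has to be applied to tarinfo.linkname (resolved relative to the directory of dest for symlinks, and relative to extracted_path for hardlinks), otherwise layer_tar.extract can still create a link whose target lies outside extracted_path. If the supported Python versions allow it, passing filter="data" to tarfile's extract performs these name and link-target checks inside the standard library and would let the hand-rolled check be dropped.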
Link targets are never validated by security check
High Severity
The is_safe_path check only validates tarinfo.name (the entry's filesystem destination) but never inspects tarinfo.linkname (the target of symlink or hardlink entries). A malicious tar can include a hardlink with a safe-looking name but a linkname like ../../etc/shadow, causing tarfile.extract to create a hard link to a sensitive file outside the extraction directory. Similarly, a symlink entry can have linkname pointing to an arbitrary absolute path. This is a separate bypass from the abspath-vs-realpath issue and matches the pattern described in CVE-2025-4138.
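A hardened form of the check the two comments above call for, added here as an example and not taken from the PR (the names `_inside`, `is_safe_member` and `demo` are my own): it resolves the destination with os.path.realpath, compares with os.path.commonpath instead of a string prefix, and also vets tarinfo.linkname for symlink and hardlink entries. `demo()` builds constructed tar members that mirror the bypasses described above and returns each verdict.

```python
import os
import tarfile
import tempfile


def _inside(basedir, target):
    """True if target, resolved on disk, lies within basedir: realpath
    follows symlinks an earlier layer already planted (abspath never does),
    and commonpath avoids treating '/out2' as inside '/out'."""
    base = os.path.realpath(basedir)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def is_safe_member(basedir, member):
    """Reject a tar member whose name or link target escapes basedir."""
    # os.path.join drops basedir when member.name is absolute, so a name
    # such as '/etc/passwd' fails the same check.
    dest = os.path.join(basedir, member.name)
    if not _inside(basedir, dest):
        return False
    if member.issym():
        # A symlink target is interpreted relative to the link's directory.
        link = os.path.join(os.path.dirname(dest), member.linkname)
        return _inside(basedir, link)
    if member.islnk():
        # A hardlink target is interpreted relative to the extraction root.
        return _inside(basedir, os.path.join(basedir, member.linkname))
    return True


def demo():
    """Constructed members covering each bypass; returns name -> verdict."""
    with tempfile.TemporaryDirectory() as out:
        sym = tarfile.TarInfo("link")
        sym.type, sym.linkname = tarfile.SYMTYPE, "/"
        hard = tarfile.TarInfo("shadow")
        hard.type, hard.linkname = tarfile.LNKTYPE, "../../etc/shadow"
        # Simulate an earlier layer having already planted 'link' -> '/'.
        os.symlink("/", os.path.join(out, "link"))
        members = {
            "plain": tarfile.TarInfo("app/config.yml"),
            "dotdot": tarfile.TarInfo("../etc/cron.d/evil"),
            "symlink_to_root": sym,
            "hardlink_out": hard,
            "through_symlink": tarfile.TarInfo("link/etc/cron.d/evil"),
        }
        return {name: is_safe_member(out, m) for name, m in members.items()}
```

On Python 3.12 and later, tarfile's extract() and extractall() accept filter="data", which applies equivalent name and link-target checks inside the standard library.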


Added a security check to prevent Tar Slip by ensuring that all extracted files remain within the designated destination directory
Maybe need some fix idk
Note
Medium Risk
Changes the extraction logic of docker-image-extract.py by adding path-safety checks and broader error handling, which could alter what files get extracted or skipped. Low blast radius, but mistakes here could still lead to incomplete/failed layer extraction or missed edge cases with tar paths/symlinks.

Overview
Adds a safety guard to docker-image-extract.py to prevent tar path traversal (Tar Slip) by verifying each layer entry resolves within the destination directory and skipping unsafe paths.

Refactors the script into a main() with basic argument validation, creates the destination directory if needed, and adds error handling around opening the image, reading manifest.json, and extracting individual entries (while still skipping device files and replacing existing files/links).

Written by Cursor Bugbot for commit 960aab1.