Minimal patch for pip diff -rU3 pip-22.3.1-orig/src/pip/_internal/utils/unpacking.py pip-22.3.1/src/pip/_internal/utils/unpacking.py --- a/pip/utils/__init__.py 2022-11-05 16:25:43.000000000 +0100 +++ b/pip/utils/__init__.py 2023-08-08 13:17:47.705613554 +0200 @@ -559,6 +559,13 @@ if leading: fn = split_leading_dir(fn)[1] path = os.path.join(location, fn) + + # Call the `data` filter for its side effect (raising exception) + try: + tarfile.data_filter(member.replace(name=fn), location) + except tarfile.LinkOutsideDestinationError: + pass + if member.isdir(): ensure_dir(path) elif member.issym(): Patch for vendored distlib from https://github.com/pypa/distlib/pull/201 diff --git a/distlib/util.py b/distlib/util.py index e0622e4..4349d0b 100644 --- a/pip/_vendor/distlib/util.py +++ b/pip/_vendor/distlib/util.py @@ -1249,6 +1249,19 @@ def check_path(path): for tarinfo in archive.getmembers(): if not isinstance(tarinfo.name, text_type): tarinfo.name = tarinfo.name.decode('utf-8') + + # Limit extraction of dangerous items, if this Python + # allows it easily. If not, just trust the input. + # See: https://docs.python.org/3/library/tarfile.html#extraction-filters + def extraction_filter(member, path): + """Run tarfile.tar_fillter, but raise the expected ValueError""" + # This is only called if the current Python has tarfile filters + try: + return tarfile.tar_filter(member, path) + except tarfile.FilterError as exc: + raise ValueError(str(exc)) + archive.extraction_filter = extraction_filter + archive.extractall(dest_dir) finally: