Path traversal issue security fix

SECURITY.md

@@ -0,0 +1,18 @@
+# Security Policy
+
+## Reporting a Vulnerability
+MONAI takes security seriously and appreciate your efforts to responsibly disclose vulnerabilities. If you discover a security issue, please report it as soon as possible.
+
+To report a security issue:
+* please use the GitHub Security Advisories tab to "[Open a draft security advisory](https://github.com/Project-MONAI/MONAI/security/advisories/new)".
+* Include a detailed description of the issue, steps to reproduce, potential impact, and any possible mitigations.
+* If applicable, please also attach proof-of-concept code or screenshots.
+* We aim to acknowledge your report within 72 hours and provide a status update as we investigate.
+* Please do not create public issues for security-related reports.
+
+## Disclosure Policy
+* We follow a coordinated disclosure approach.
+* We will not publicly disclose vulnerabilities until a fix has been developed and released.
+* Credit will be given to researchers who responsibly disclose vulnerabilities, if requested.
+## Acknowledgements
+We greatly appreciate contributions from the security community and strive to recognize all researchers who help keep MONAI safe.

monai/apps/utils.py

@@ -11,12 +11,12 @@
 
 from __future__ import annotations
 
+import os
+import shutil
 import hashlib
 import json
 import logging
-import os
 import re
-import shutil
 import sys
 import tarfile
 import tempfile
@@ -80,7 +80,6 @@ def get_logger(
 logger = get_logger("monai.apps")
 __all__.append("logger")
 
-
 def _basename(p: PathLike) -> str:
     """get the last part of the path (removing the trailing slash if it exists)"""
     sep = os.path.sep + (os.path.altsep or "") + "/ "
@@ -121,6 +120,36 @@ def update_to(self, b: int = 1, bsize: int = 1, tsize: int | None = None) -> Non
         logger.error(f"Download failed from {url} to {filepath}.")
         raise e
 
+def safe_extract_member(member, extract_to):
+    """Securely verify compressed package member paths to prevent path traversal attacks"""
+    # Get member path (handle different compression formats)
+    if hasattr(member, 'filename'):
+        member_path = member.filename  # zipfile
+    elif hasattr(member, 'name'):
+        member_path = member.name  # tarfile
+    else:
+        member_path = str(member)
+
+    if hasattr(member, 'issym') and member.issym():
+        raise ValueError(f"Symbolic link detected in archive: {member_path}")
+    if hasattr(member, 'islnk') and member.islnk():
+        raise ValueError(f"Hard link detected in archive: {member_path}")
+
+    member_path = os.path.normpath(member_path)
+
+    if os.path.isabs(member_path) or '..' in member_path.split(os.sep):
+        raise ValueError(f"Unsafe path detected in archive: {member_path}")
+
+    full_path = os.path.join(extract_to, member_path)
+    full_path = os.path.normpath(full_path)
+
+    extract_to_abs = os.path.abspath(extract_to)
+    full_path_abs = os.path.abspath(full_path)
+
+    if not (full_path_abs == extract_to_abs or full_path_abs.startswith(extract_to_abs + os.sep)):
+        raise ValueError(f"Path traversal attack detected: {member_path}")
+
+    return full_path
 
 def check_hash(filepath: PathLike, val: str | None = None, hash_type: str = "md5") -> bool:
     """
@@ -287,14 +316,30 @@ def extractall(
     logger.info(f"Writing into directory: {output_dir}.")
     _file_type = file_type.lower().strip()
     if filepath.name.endswith("zip") or _file_type == "zip":
-        zip_file = zipfile.ZipFile(filepath)
-        zip_file.extractall(output_dir)
-        zip_file.close()
+        with zipfile.ZipFile(filepath, 'r') as zip_file:
+            for member in zip_file.infolist():
+                safe_path = safe_extract_member(member, output_dir)
+                if member.is_dir():
+                    continue
+
+                os.makedirs(os.path.dirname(safe_path), exist_ok=True)
+                with zip_file.open(member) as source:
+                    with open(safe_path, 'wb') as target:
+                        shutil.copyfileobj(source, target)
         return
     if filepath.name.endswith("tar") or filepath.name.endswith("tar.gz") or "tar" in _file_type:
-        tar_file = tarfile.open(filepath)
-        tar_file.extractall(output_dir)
-        tar_file.close()
+        with tarfile.open(filepath, 'r') as tar_file:
+            for member in tar_file.getmembers():
+                safe_path = safe_extract_member(member, output_dir)
+                if not member.isfile():
+                    continue
+
+                os.makedirs(os.path.dirname(safe_path), exist_ok=True)
+                source = tar_file.extractfile(member)
+                if source is not None:
+                    with source:
+                        with open(safe_path, 'wb') as target:
+                            shutil.copyfileobj(source, target)
         return
     raise NotImplementedError(
         f'Unsupported file type, available options are: ["zip", "tar.gz", "tar"]. name={filepath} type={file_type}.'

tests/apps/test_download_and_extract.py

@@ -13,6 +13,8 @@
 
 import tempfile
 import unittest
+import zipfile
+import tarfile
 from pathlib import Path
 from urllib.error import ContentTooShortError, HTTPError
 
@@ -66,5 +68,187 @@ def test_default(self, key, file_type):
                 )
 
 
+class TestPathTraversalProtection(unittest.TestCase):
+    """Test cases for path traversal attack protection in extractall function."""
+
+    def test_valid_zip_extraction(self):
+        """Test that valid zip files extract successfully without raising exceptions."""
+        with tempfile.TemporaryDirectory() as tmp_dir:
+            # Create a valid zip file
+            zip_path = Path(tmp_dir) / "valid_test.zip"
+            extract_dir = Path(tmp_dir) / "extract"
+            extract_dir.mkdir()
+
+            # Create zip with normal file structure
+            with zipfile.ZipFile(zip_path, 'w') as zf:
+                zf.writestr("normal_file.txt", "This is a normal file")
+                zf.writestr("subdir/nested_file.txt", "This is a nested file")
+                zf.writestr("another_file.json", '{"key": "value"}')
+
+            # This should not raise any exception
+            try:
+                extractall(str(zip_path), str(extract_dir))
+
+                # Verify files were extracted correctly
+                self.assertTrue((extract_dir / "normal_file.txt").exists())
+                self.assertTrue((extract_dir / "subdir" / "nested_file.txt").exists())
+                self.assertTrue((extract_dir / "another_file.json").exists())
+
+                # Verify content
+                with open(extract_dir / "normal_file.txt") as f:
+                    self.assertEqual(f.read(), "This is a normal file")
+
+            except Exception as e:
+                self.fail(f"Valid zip extraction should not raise exception: {e}")
+
+    def test_malicious_zip_path_traversal(self):
+        """Test that malicious zip files with path traversal attempts raise ValueError."""
+        with tempfile.TemporaryDirectory() as tmp_dir:
+            # Create malicious zip file with path traversal
+            zip_path = Path(tmp_dir) / "malicious_test.zip"
+            extract_dir = Path(tmp_dir) / "extract"
+            extract_dir.mkdir()
+
+            # Create zip with malicious paths
+            with zipfile.ZipFile(zip_path, 'w') as zf:
+                # Try to write outside extraction directory
+                zf.writestr("../../../etc/malicious.txt", "malicious content")
+                zf.writestr("normal_file.txt", "normal content")
+
+            # This should raise ValueError due to path traversal detection
+            with self.assertRaises(ValueError) as context:
+                extractall(str(zip_path), str(extract_dir))
+
+            self.assertIn("unsafe path", str(context.exception).lower())
+
+    def test_valid_tar_extraction(self):
+        """Test that valid tar files extract successfully without raising exceptions."""
+        with tempfile.TemporaryDirectory() as tmp_dir:
+            # Create a valid tar file
+            tar_path = Path(tmp_dir) / "valid_test.tar.gz"
+            extract_dir = Path(tmp_dir) / "extract"
+            extract_dir.mkdir()
+
+            # Create tar with normal file structure
+            with tarfile.open(tar_path, 'w:gz') as tf:
+                # Create temporary files to add to tar
+                temp_file1 = Path(tmp_dir) / "temp1.txt"
+                temp_file1.write_text("This is a normal file")
+                tf.add(temp_file1, arcname="normal_file.txt")
+
+                temp_file2 = Path(tmp_dir) / "temp2.txt"
+                temp_file2.write_text("This is a nested file")
+                tf.add(temp_file2, arcname="subdir/nested_file.txt")
+
+            # This should not raise any exception
+            try:
+                extractall(str(tar_path), str(extract_dir))
+
+                # Verify files were extracted correctly
+                self.assertTrue((extract_dir / "normal_file.txt").exists())
+                self.assertTrue((extract_dir / "subdir" / "nested_file.txt").exists())
+
+                # Verify content
+                with open(extract_dir / "normal_file.txt") as f:
+                    self.assertEqual(f.read(), "This is a normal file")
+
+            except Exception as e:
+                self.fail(f"Valid tar extraction should not raise exception: {e}")
+
+    def test_malicious_tar_path_traversal(self):
+        """Test that malicious tar files with path traversal attempts raise ValueError."""
+        with tempfile.TemporaryDirectory() as tmp_dir:
+            # Create malicious tar file with path traversal
+            tar_path = Path(tmp_dir) / "malicious_test.tar.gz"
+            extract_dir = Path(tmp_dir) / "extract"
+            extract_dir.mkdir()
+
+            # Create tar with malicious paths
+            with tarfile.open(tar_path, 'w:gz') as tf:
+                # Create a temporary file
+                temp_file = Path(tmp_dir) / "temp.txt"
+                temp_file.write_text("malicious content")
+
+                # Add with malicious path (trying to write outside extraction directory)
+                tf.add(temp_file, arcname="../../../etc/malicious.txt")
+
+            # This should raise ValueError due to path traversal detection
+            with self.assertRaises(ValueError) as context:
+                extractall(str(tar_path), str(extract_dir))
+
+            self.assertIn("unsafe path", str(context.exception).lower())
+
+    def test_absolute_path_protection(self):
+        """Test protection against absolute paths in archives."""
+        with tempfile.TemporaryDirectory() as tmp_dir:
+            # Create zip with absolute path
+            zip_path = Path(tmp_dir) / "absolute_path_test.zip"
+            extract_dir = Path(tmp_dir) / "extract"
+            extract_dir.mkdir()
+
+            with zipfile.ZipFile(zip_path, 'w') as zf:
+                # Try to use absolute path
+                zf.writestr("/etc/passwd", "malicious content")
+
+            # This should raise ValueError due to absolute path detection
+            with self.assertRaises(ValueError) as context:
+                extractall(str(zip_path), str(extract_dir))
+
+            self.assertIn("unsafe path", str(context.exception).lower())
+
+    def test_malicious_symlink_protection(self):
+        """Test protection against malicious symlinks in tar archives."""
+        with tempfile.TemporaryDirectory() as tmp_dir:
+            # Create malicious tar file with symlink
+            tar_path = Path(tmp_dir) / "malicious_symlink_test.tar.gz"
+            extract_dir = Path(tmp_dir) / "extract"
+            extract_dir.mkdir()
+
+            # Create tar with malicious symlink
+            with tarfile.open(tar_path, 'w:gz') as tf:
+                temp_file = Path(tmp_dir) / "normal.txt"
+                temp_file.write_text("normal content")
+                tf.add(temp_file, arcname="normal.txt")
+
+                symlink_info = tarfile.TarInfo(name="malicious_symlink.txt")
+                symlink_info.type = tarfile.SYMTYPE
+                symlink_info.linkname = "../../../etc/passwd"
+                symlink_info.size = 0
+                tf.addfile(symlink_info)
+
+            with self.assertRaises(ValueError) as context:
+                extractall(str(tar_path), str(extract_dir))
+
+            error_msg = str(context.exception).lower()
+            self.assertTrue("unsafe path" in error_msg or "symlink" in error_msg)
+
+    def test_malicious_hardlink_protection(self):
+        """Test protection against malicious hard links in tar archives."""
+        with tempfile.TemporaryDirectory() as tmp_dir:
+            # Create malicious tar file with hard link
+            tar_path = Path(tmp_dir) / "malicious_hardlink_test.tar.gz"
+            extract_dir = Path(tmp_dir) / "extract"
+            extract_dir.mkdir()
+
+            # Create tar with malicious hard link
+            with tarfile.open(tar_path, 'w:gz') as tf:
+                temp_file = Path(tmp_dir) / "normal.txt"
+                temp_file.write_text("normal content")
+                tf.add(temp_file, arcname="normal.txt")
+
+                hardlink_info = tarfile.TarInfo(name="malicious_hardlink.txt")
+                hardlink_info.type = tarfile.LNKTYPE
+                hardlink_info.linkname = "/etc/passwd"
+                hardlink_info.size = 0
+                tf.addfile(hardlink_info)
+
+            with self.assertRaises(ValueError) as context:
+                extractall(str(tar_path), str(extract_dir))
+
+            error_msg = str(context.exception).lower()
+            self.assertTrue("unsafe path" in error_msg or "hardlink" in error_msg)
+
+
+
 if __name__ == "__main__":
     unittest.main()