This is an automated email from the ASF dual-hosted git repository. juergbi pushed a commit to branch juerg/tar in repository https://gitbox.apache.org/repos/asf/buildstream.git
commit e1e5bbba265f459f3bdde77a6e05a26cb075d225 Author: Jürg Billeter <[email protected]> AuthorDate: Fri Jul 12 14:57:59 2024 +0200 tests/frontend/buildcheckout.py: Use tar extraction filter if available Use the `tar` extraction filter if available (upstream Python 3.12+) for consistent behavior with future Python versions and as safeguard against bugs in `bst artifact checkout`. As the tarball is generated by `bst artifact checkout`, there is no security concern. --- tests/frontend/buildcheckout.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/frontend/buildcheckout.py b/tests/frontend/buildcheckout.py index 5f5154649..f5e41db63 100644 --- a/tests/frontend/buildcheckout.py +++ b/tests/frontend/buildcheckout.py @@ -609,6 +609,10 @@ def test_build_checkout_tarball_links(datafiles, cli): result.assert_success() with tarfile.open(name=checkout, mode="r:") as tar: + # This tarball is generated by the above `bst artifact checkout`, so there is no security concern. + # Use the `tar` extraction filter if available (upstream Python 3.12+) for consistent behavior with + # future Python versions and as safeguard against bugs in `bst artifact checkout`. + tar.extraction_filter = getattr(tarfile, "tar_filter", (lambda member, path: member)) tar.extractall(extract) with open(os.path.join(extract, "basicfolder", "basicsymlink"), encoding="utf-8") as fp:
