CVE-2007-4559 Patch (#350)

* Adding tarfile member sanitization to extractall()

* Update download_data.py

formatting issues

* Update download_data.py

More

* Update download_data.py

* Update download_data.py

* Update download_data.py

Co-authored-by: ad-daniel <44834743+ad-daniel@users.noreply.github.com>

projects/simulation/SMPL+D_human_models/src/download_data.py

@@ -49,8 +49,24 @@ def reporthook(count, block_size, total_size):
     start_time = 0
     last_print = 0
     urlretrieve(human_data_url, downloaded_human_data_path, reporthook=reporthook)
+
+    def is_within_directory(directory, target):
+        abs_directory = os.path.abspath(directory)
+        abs_target = os.path.abspath(target)
+        prefix = os.path.commonprefix([abs_directory, abs_target])
+
+        return prefix == abs_directory
+
+    def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
+        for member in tar.getmembers():
+            member_path = os.path.join(path, member.name)
+            if not is_within_directory(path, member_path):
+                raise Exception("Attempted Path Traversal in Tar File")
+
+        tar.extractall(path, members, numeric_owner=numeric_owner)
+
     with tarfile.open(downloaded_human_data_path) as tar:
-        tar.extractall(path=os.path.join(OPENDR_HOME, 'projects/simulation/SMPL+D_human_models'))
+        safe_extract(tar, path=os.path.join(OPENDR_HOME, 'projects/simulation/SMPL+D_human_models'))
     tar.close()
     os.remove(downloaded_human_data_path)
 
@@ -64,7 +80,7 @@ def reporthook(count, block_size, total_size):
     last_print = 0
     urlretrieve(model_url, downloaded_model_path, reporthook=reporthook)
     with tarfile.open(downloaded_model_path) as tar:
-        tar.extractall(path=os.path.join(OPENDR_HOME, 'projects/simulation/SMPL+D_human_models'))
+        safe_extract(tar, path=os.path.join(OPENDR_HOME, 'projects/simulation/SMPL+D_human_models'))
     tar.close()
     os.remove(downloaded_model_path)