
Merge pull request #327 from zaphodef/cuckooimport

fix: prevent symlink attacks
pull/328/head v2.4.114
Alexandre Dulaunoy 2 years ago
committed by GitHub
parent
commit
30d9567e8c
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 8
      misp_modules/modules/import_mod/cuckooimport.py

8
misp_modules/modules/import_mod/cuckooimport.py

@ -3,6 +3,7 @@ import base64
import io
import logging
import posixpath
import stat
import tarfile
import zipfile
from pymisp import MISPEvent, MISPObject, MISPAttribute
@ -241,6 +242,10 @@ class CuckooParser():
self.files = {
info.filename: z.open(info)
for info in z.filelist
# only extract the regular files and dirs, we don't
# want any symbolic link
if stat.S_ISREG(info.external_attr >> 16)
or stat.S_ISDIR(info.external_attr >> 16)
}
else:
# the archive was probably downloaded from the API
@ -249,6 +254,9 @@ class CuckooParser():
self.files = {
info.name: f.extractfile(info)
for info in f.getmembers()
# only extract the regular files and dirs, we don't
# want any symbolic link
if info.isreg() or info.isdir()
}
# We want to keep the order of the keys of sub-dicts in the report,
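Review bot: The zip filter in the `@ -241,6 +242,10 @@` hunk is an allow-list on Unix mode bits, so any entry whose `external_attr >> 16` carries no file-type bits is dropped along with the symlinks. Archives written on non-Unix systems, or by Python's own `ZipFile.writestr` with a plain name (which, as far as I know, stores `0o600 << 16` with no `S_IFREG` bit), would leave `self.files` empty or partial without any error. Rejecting only what the commit means to exclude keeps those archives working: `if not stat.S_ISLNK(info.external_attr >> 16)`. The tar branch does not have this problem because `isreg()`/`isdir()` read the member type directly, but `f.extractfile(info)` returns `None` for directory members, so consumers of `self.files` should expect that value. The enclosing `CuckooParser` method starts and ends outside the visible hunks.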
