fix: prevent symlink attacks

pull/327/head
Pierre-Jean Grenier 2019-08-22 11:16:18 +02:00
parent 413cc2469f
commit b2ab727f9b
1 changed files with 8 additions and 0 deletions


@ -3,6 +3,7 @@ import base64
import io import io
import logging import logging
import posixpath import posixpath
import stat
import tarfile import tarfile
import zipfile import zipfile
from pymisp import MISPEvent, MISPObject, MISPAttribute from pymisp import MISPEvent, MISPObject, MISPAttribute
@ -241,6 +242,10 @@ class CuckooParser():
self.files = { self.files = {
info.filename: z.open(info) info.filename: z.open(info)
for info in z.filelist for info in z.filelist
# only extract the regular files and dirs, we don't
# want any symbolic link
if stat.S_ISREG(info.external_attr >> 16)
or stat.S_ISDIR(info.external_attr >> 16)
} }
else: else:
# the archive was probably downloaded from the API # the archive was probably downloaded from the API
@ -249,6 +254,9 @@ class CuckooParser():
self.files = { self.files = {
info.name: f.extractfile(info) info.name: f.extractfile(info)
for info in f.getmembers() for info in f.getmembers()
# only extract the regular files and dirs, we don't
# want any symbolic link
if info.isreg() or info.isdir()
} }
# We want to keep the order of the keys of sub-dicts in the report, # We want to keep the order of the keys of sub-dicts in the report,
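Review bot: The zip filter in the second hunk (`stat.S_ISREG(info.external_attr >> 16) or stat.S_ISDIR(info.external_attr >> 16)`) keeps an entry only when the archive writer recorded a Unix file type in the high 16 bits of `external_attr`. Writers that leave those bits zero or store only permission bits (archives built on non-Unix systems are the usual case) fail both tests, so every member is dropped and `self.files` ends up empty without any error. Rejecting only symlinks keeps the protection without that regression: `if not stat.S_ISLNK(info.external_attr >> 16)`. Separately, both filters admit directories, and in the tar hunk `f.extractfile(info)` returns `None` for a directory member, so code reading `self.files` has to tolerate `None` values. The enclosing method starts and ends outside these hunks, so how `self.files` is consumed is not visible here.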