Skip to content

Fix fail-open ZIP iteration in _iterate_models (BadZipFile bypass) #355

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
AAtomical wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix fail-open ZIP iteration in _iterate_models (BadZipFile bypass) #355

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 31 additions & 10 deletions modelscan/modelscan.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,18 +98,39 @@ def _iterate_models(self, model_path: Path) -> Generator[Model, None, None]:
with zipfile.ZipFile(model.get_stream(), "r") as zip:
file_names = zip.namelist()
for file_name in file_names:
with zip.open(file_name, "r") as file_io:
file_name = f"{model.get_source()}:{file_name}"
if _is_zipfile(file_name, data=file_io):
self._errors.append(
NestedZipError(
"ModelScan does not support nested zip files.",
Path(file_name),
entry_source = f"{model.get_source()}:{file_name}"
# Handle each entry individually. A single unreadable
# entry (e.g. a corrupted local file header that raises
# BadZipFile on open) must not abort enumeration of the
# remaining entries -- otherwise a crafted archive could
# hide a malicious entry behind a corrupted one and have
# modelscan report the whole archive as clean.
try:
with zip.open(file_name, "r") as file_io:
if _is_zipfile(entry_source, data=file_io):
self._errors.append(
NestedZipError(
"ModelScan does not support nested zip files.",
Path(entry_source),
)
)
continue

yield Model(entry_source, file_io)
except (zipfile.BadZipFile, RuntimeError) as e:
logger.debug(
"Skipping zip entry %s, due to error",
entry_source,
exc_info=True,
)
self._skipped.append(
ModelScanSkipped(
"ModelScan",
SkipCategories.BAD_ZIP,
f"Skipping zip entry due to error: {e}",
entry_source,
)
continue

yield Model(file_name, file_io)
)
except (zipfile.BadZipFile, RuntimeError) as e:
logger.debug(
"Skipping zip file %s, due to error",
Expand Down