
fix: Path Traversal Safety for pybtc #83

Open
dewhush wants to merge 1 commit into bitaps-com:master from dewhush:fix/path-traversal-safety-260608

Conversation


@dewhush dewhush commented Jun 8, 2026

Hey there! 👋

I was reviewing the codebase and noticed a potential security issue that I thought I'd flag and fix.

What I found

  • [HIGH] path_traversal in setup_tools.py: The tarfile.extractall() method is used without validating the paths of the files inside the tarball. This is vulnerab

What I changed

The fix is minimal and targeted — I added proper validation/sanitization where user-controlled or untrusted data enters sensitive operations. No changes to existing functionality or public APIs.

Testing

Ran the existing test suite locally, everything passes. The change is backward-compatible.

Happy to discuss if you have questions!

Relates to: #64


💛 If this helps, feel free to support my open-source security work: 0x1478f1BDEACc7b434b4405350A15993cDcddc79F

Addressed unsafe code patterns found during security review:
- path_traversal

Tested locally, no regressions observed.
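The page does not show the diff itself, so here is an added example (my own code, not pybtc's and not the patch in this PR) of the kind of validation the description refers to: every member name, and every symlink or hardlink target, is resolved and required to stay under the destination before `tarfile.extractall()` is allowed to run. Function names and the in-memory tarballs are constructed for the illustration.

```python
import io
import os
import tarfile
import tempfile

def _is_within(base: str, target: str) -> bool:
    """True if target resolves inside base (both normalised via realpath)."""
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def safe_extractall(tar: tarfile.TarFile, dest: str) -> list:
    """Like tar.extractall(dest), but refuses any member that would land outside dest."""
    dest = os.path.realpath(dest)
    for m in tar.getmembers():
        path = os.path.join(dest, m.name)  # absolute names and '..' are caught by realpath
        if not _is_within(dest, path):
            raise ValueError(f"blocked traversal: {m.name!r}")
        if m.issym() or m.islnk():
            # link targets must stay inside dest too (a later member could write through them);
            # hardlink targets are archive-relative, symlink targets are member-relative
            base = dest if m.islnk() else os.path.dirname(path)
            if not _is_within(dest, os.path.join(base, m.linkname)):
                raise ValueError(f"blocked link escape: {m.name!r} -> {m.linkname!r}")
    tar.extractall(dest)  # only reached once every member has been vetted
    return [m.name for m in tar.getmembers()]

def _make_tar(entries: dict) -> tarfile.TarFile:
    """Constructed in-memory tarball: bytes value = regular file, str value = symlink target."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tw:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            if isinstance(data, str):
                info.type, info.linkname = tarfile.SYMTYPE, data
            else:
                info.size = len(data)
            tw.addfile(info, io.BytesIO(data) if isinstance(data, bytes) else None)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")

def demo(dest: str = None) -> tuple:
    """Returns (names from a benign tar, error text for a '../' member, error text for an escaping symlink)."""
    dest = dest or tempfile.mkdtemp()
    results = [safe_extractall(_make_tar({"pkg/a.txt": b"hi"}), dest)]
    for bad in ({"../escape.txt": b"x"}, {"pkg/lnk": "../../etc"}):
        try:
            results.append(safe_extractall(_make_tar(bad), dest))
        except ValueError as e:
            results.append(str(e))
    return tuple(results)
```

On Python 3.12 and later the standard library offers `extractall(..., filter="data")`, which rejects escaping paths and links in the same spirit; the explicit check above is what a project supporting older interpreters needs.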