mirror of
https://gitlab.kitware.com/cmake/cmake.git
synced 2026-01-28 20:04:10 +00:00
03f19aa4ea
Add security flags to libarchive extraction to prevent path traversal (Zip Slip) and absolute path attacks: - ARCHIVE_EXTRACT_SECURE_NODOTDOT: Block ".." path components - ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS: Block absolute paths - ARCHIVE_EXTRACT_SECURE_SYMLINKS: Block symlinks escaping extract dir This hardens both `cmake -E tar` and `file(ARCHIVE_EXTRACT)` against malicious archives that attempt to write files outside the intended extraction directory.
61 lines
1.5 KiB
CMake
61 lines
1.5 KiB
CMake
include(RunCMake)
|
|
|
|
run_cmake(7zip)
|
|
run_cmake(7zip-none)
|
|
run_cmake(7zip-bz2)
|
|
run_cmake(7zip-gz)
|
|
run_cmake(7zip-lzma)
|
|
run_cmake(7zip-lzma2)
|
|
run_cmake(7zip-ppmd)
|
|
run_cmake(gnutar)
|
|
run_cmake(gnutar-gz)
|
|
run_cmake(gnutar-deflate)
|
|
run_cmake(pax)
|
|
run_cmake(pax-lzma)
|
|
run_cmake(pax-lzma2)
|
|
run_cmake(pax-xz)
|
|
run_cmake(pax-zstd)
|
|
run_cmake(paxr)
|
|
run_cmake(paxr-bz2)
|
|
run_cmake(zip)
|
|
run_cmake(zip-none)
|
|
run_cmake(zip-deflate)
|
|
|
|
run_cmake(working-directory)
|
|
|
|
# Check the THREADS option
|
|
run_cmake(argument-validation-threads)
|
|
run_cmake(threads-bz2)
|
|
run_cmake(threads-gz)
|
|
run_cmake(threads-xz)
|
|
run_cmake(threads-zstd)
|
|
|
|
# Extracting only selected files or directories
|
|
run_cmake(zip-filtered)
|
|
|
|
run_cmake(create-missing-args)
|
|
run_cmake(extract-missing-args)
|
|
|
|
run_cmake(unsupported-format)
|
|
run_cmake(zip-with-bad-compression)
|
|
run_cmake(gnutar-with-bad-compression)
|
|
|
|
run_cmake(unsupported-compression-level)
|
|
run_cmake(argument-validation-compression-level-1)
|
|
run_cmake(argument-validation-compression-level-2)
|
|
run_cmake(7zip-bz2-compression-level)
|
|
run_cmake(7zip-lzma-compression-level)
|
|
run_cmake(7zip-xz-compression-level)
|
|
run_cmake(7zip-ppmd-compression-level)
|
|
run_cmake(gnutar-gz-compression-level)
|
|
run_cmake(pax-xz-compression-level)
|
|
run_cmake(pax-zstd-compression-level)
|
|
run_cmake(paxr-bz2-compression-level)
|
|
run_cmake(zip-deflate-compression-level)
|
|
|
|
# Security: Test path traversal protection
|
|
if(Python_EXECUTABLE)
|
|
run_cmake_script(path-absolute -DPython_EXECUTABLE=${Python_EXECUTABLE})
|
|
run_cmake_script(path-traversal -DPython_EXECUTABLE=${Python_EXECUTABLE})
|
|
endif()
|