fix(update): set filter="data" on tarfile.extractall in auto-updater #2298
Open
ktwu01 wants to merge 1 commit into
PEP 706 deprecated calling tarfile.extractall() without an explicit filter argument. Python 3.12 emits DeprecationWarning and a future release will raise. CVE-2007-4559 (the original "tar slip" bug) made filter="data" the recommended default: it rejects absolute paths, parent-traversal members, and special files even for trusted sources, which is the right default for an auto-updater that writes into a temp dir and then chmod +x's the result. The other archive-extraction sites in the codebase (cli/plugin.py:77 and vis/api/sessions.py:657) already have explicit path-traversal checks before extractall, so this brings the auto-updater in line with the rest of the codebase as defense-in-depth. Refs MoonshotAI#2273
Summary

Partial fix for #2273 — addresses the third sub-item (defense-in-depth on the extractor) without touching the sha256-manifest piece, which needs a CDN-side change to publish .sha256 sidecars and is best handled by the maintainers.

src/kimi_cli/ui/shell/update.py extracted the downloaded update tarball with bare tar.extractall(tmpdir). PEP 706 deprecated this call shape: Python 3.12 emits DeprecationWarning and a future release will raise. filter="data" is the recommended default — it rejects absolute paths, parent-traversal members, device nodes, setuid bits, and symlinks pointing outside the extraction tree, which is exactly the right default for an auto-updater that goes on to chmod +x the extracted file.

The codebase's other two archive-extraction sites (cli/plugin.py:77 and vis/api/sessions.py:657) already have explicit path-traversal checks before extractall; the auto-updater was the lone outlier. This brings it in line.

What this PR does NOT cover

The other two items in #2273 (sha256 manifest verification, optional signature verification) require publishing a .sha256 sidecar (or manifest.json) alongside each kimi-{version}-{target}.tar.gz on cdn.kimi.com. That's a CDN/release-pipeline change, not a code-only one — I'd rather leave it to a follow-up where the publishing side and the verifying side can land together. Happy to send that follow-up PR once the team confirms the manifest format and CDN path.

Test plan

- kimi binary, which filter="data" does not modify).
- filter="data" is the safest of the three PEP 706 filters and the documented recommendation for untrusted sources.
- grep -rn "extractall" src/ confirms this was the only unfiltered site.

Refs #2273