From 151a39c5c22ecb8254540a90b4d29645dda8d3ba Mon Sep 17 00:00:00 2001
From: Dengke Tang
Date: Thu, 11 Jan 2024 15:15:53 -0800
Subject: [PATCH] what about this?
---
 builder/core/fetch.py | 23 ++---------------------
 1 file changed, 2 insertions(+), 21 deletions(-)
diff --git a/builder/core/fetch.py b/builder/core/fetch.py
index f1019eb55..d3cd615b1 100644
--- a/builder/core/fetch.py
+++ b/builder/core/fetch.py
@@ -235,27 +235,8 @@ def fetch_and_extract(url, archive_path, extract_path):
 print('Extracting {} to {}'.format(archive_path, extract_path))
 if tarfile.is_tarfile(archive_path):
- with open(archive_path, mode='rb') as file:
- with tarfile.open(fileobj=file) as tar:
- def is_within_directory(directory, target):
-
- abs_directory = os.path.abspath(directory)
- abs_target = os.path.abspath(target)
-
- prefix = os.path.commonprefix([abs_directory, abs_target])
-
- return prefix == abs_directory
-
- def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
-
- for member in tar.getmembers():
- member_path = os.path.join(path, member.name)
- if not is_within_directory(path, member_path):
- raise Exception("Attempted Path Traversal in Tar File")
-
- tar.extractall(path, members, numeric_owner=numeric_owner)
-
- safe_extract(tar, extract_path)
+ with tarfile.open(archive_path) as tar:
+ tar.extractall(extract_path)
 elif zipfile.is_zipfile(archive_path):
 with zipfile.ZipFile(archive_path) as zip:
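Review bot: The added `tar.extractall(extract_path)` unpacks the archive with no member validation, and since `fetch_and_extract` takes a `url` the archive is presumably downloaded content, so a member with an absolute or `..` name, or a link member, can land outside `extract_path`. The commit deletes the only guard and puts nothing in its place. Reverting is not the answer either, because the removed check compared paths with `os.path.commonprefix`, which works character by character and lets a sibling directory sharing the prefix pass, and it never looked at link targets. Prefer the standard library's `data` extraction filter where the interpreter provides it and keep a resolved-path check as the fallback, as sketched below; the fallback still does not vet symlink or hardlink members. The body of `fetch_and_extract` begins above this hunk and the zip branch continues past its end.

```python
    if tarfile.is_tarfile(archive_path):
        with tarfile.open(archive_path) as tar:
            if hasattr(tarfile, 'data_filter'):
                # Built-in filter: refuses absolute names, '..' escapes,
                # links that point outside the destination, and device nodes.
                tar.extractall(extract_path, filter='data')
            else:
                # Older interpreters: compare resolved paths component-wise.
                # NOTE: link members are not checked by this fallback.
                root = os.path.realpath(extract_path)
                for member in tar.getmembers():
                    target = os.path.realpath(os.path.join(root, member.name))
                    if os.path.commonpath([root, target]) != root:
                        raise Exception("Attempted Path Traversal in Tar File")
                tar.extractall(extract_path)
    # ... unchanged: zipfile branch ...
```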