add optional disablement of symlink validation (#119)

bryopsida · web-flow · commit 374460e9973a · 2025-06-30T09:53:21.000+02:00
* add optional disablement of symlinks

* add test
diff --git a/.gitignore b/.gitignore
@@ -2,3 +2,5 @@ node_modules
 test/fixtures/copy
 test/fixtures/invalid
 test/fixtures/outside
+test/fixtures/valid
+.DS_Store
diff --git a/index.js b/index.js
@@ -131,6 +131,7 @@ exports.extract = function extract (cwd, opts) {
   const now = new Date()
   const umask = typeof opts.umask === 'number' ? ~opts.umask : ~processUmask()
   const strict = opts.strict !== false
+  const validateSymLinks = opts.validateSymlinks !== false
 
   let map = opts.map || noop
   let dmode = typeof opts.dmode === 'number' ? opts.dmode : 0
@@ -219,7 +220,7 @@ exports.extract = function extract (cwd, opts) {
       if (win32) return next() // skip symlinks on win for now before it can be tested
       xfs.unlink(name, function () {
         const dst = path.resolve(path.dirname(name), header.linkname)
-        if (!inCwd(dst)) return next(new Error(name + ' is not a valid symlink'))
+        if (!inCwd(dst) && validateSymLinks) return next(new Error(name + ' is not a valid symlink'))
 
         xfs.symlink(header.linkname, name, stat)
       })
diff --git a/test/fixtures/valid.tar b/test/fixtures/valid.tar
diff --git a/test/index.js b/test/index.js
@@ -321,6 +321,34 @@ test('do not extract invalid tar', function (t) {
     })
 })
 
+test('extract tar intended for use by chroot', function (t) {
+  if (win32) { // no symlink support on win32 currently. TODO: test if this can be enabled somehow
+    t.plan(1)
+    t.ok(true)
+    return
+  }
+
+  t.plan(1)
+
+  const a = path.join(__dirname, 'fixtures', 'valid.tar')
+
+  const out = path.join(__dirname, 'fixtures', 'valid')
+
+  rimraf.sync(out)
+
+  fs.createReadStream(a)
+    .pipe(tar.extract(out, { validateSymlinks: false }))
+    .on('error', function (err) {
+      t.ok(/is not a valid symlink/i.test(err.message))
+      fs.stat(path.join(out, '../bar'), function (err) {
+        t.ok(err)
+      })
+    })
+    .on('finish', function () {
+      t.ok(true)
+    })
+})
+
 test('no abs hardlink targets', function (t) {
   if (win32) { // no symlink support on win32 currently. TODO: test if this can be enabled somehow
     t.plan(1)
