fix(framework): Improve zip extraction robustness in flwr install#6627
Merged
fix(framework): Improve zip extraction robustness in flwr install#6627
Conversation
danieljanes
requested review from
jafermarq,
panh99 and
tanertopal
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
This PR improves the robustness of ZIP extraction in the Flower CLI by consolidating security checks into a reusable utility function to prevent zip-slip path traversal attacks. The refactoring extracts the previously private _safe_extract_zip function from new.py into a shared archive_utils.py module, making it available for both the flwr new and flwr install commands.
Changes:
- Created new
archive_utils.pymodule withsafe_extract_zipfunction for secure ZIP extraction - Refactored
install.pyto use the centralized secure extraction function instead of unsafezipfile.extractall() - Refactored
new.pyto use the shared utility instead of a local implementation - Added comprehensive test coverage for zip-slip protection in both install and new commands
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| framework/py/flwr/cli/archive_utils.py | New module containing the centralized safe_extract_zip function to prevent zip-slip attacks |
| framework/py/flwr/cli/install.py | Updated to use safe_extract_zip instead of unsafe zipfile.extractall() |
| framework/py/flwr/cli/new/new.py | Removed duplicate _safe_extract_zip implementation and imports the shared utility |
| framework/py/flwr/cli/install_test.py | New comprehensive tests for safe ZIP extraction with path traversal protection |
| framework/py/flwr/cli/new/new_test.py | Added test for zip-slip protection in the app download flow |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
github-actions
bot
added
the
Maintainer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR fixes a potential ZIP path traversal risk in FAB install:
zipf.extractall(tmpdir)was used directly ininstall.py(line 122)flwr newalready used safe extraction with path checks innew.py(line 145)This PR refactors both to use a common function to safely extract zip files.