
Validate tar archive extraction paths#40821

Open

XananasX7 wants to merge 2 commits into magento:2.4-develop from XananasX7:fix-tar-archive-path-containment

Conversation


@XananasX7 XananasX7 commented May 22, 2026

Summary
Tighten Magento framework TAR extraction so archive entries cannot write outside the configured extraction destination.

The TAR extractor builds output paths by concatenating the destination directory with the archive member name. A crafted member such as ../outside.txt can escape the destination and write elsewhere on disk during extraction. Symlink entries also lacked target containment checks.

Changes

  • Normalize and validate TAR member paths before extraction.
  • Reject empty paths, NUL bytes, absolute paths, stream-wrapper paths, Windows drive paths, and . / .. path segments.
  • Verify final extraction paths remain under the destination directory.
  • Reject symlink targets that resolve outside the destination directory.
  • Add regression coverage for traversal and unsafe symlink targets.

Validation

  • php -l lib/internal/Magento/Framework/Archive/Tar.php
  • php -l lib/internal/Magento/Framework/Test/Unit/ArchiveTest.php
  • git diff --check HEAD~1..HEAD
  • Local harness confirmed traversal is blocked and a normal nested file still extracts.

Note
I could not run PHPUnit in this clone because vendor/bin/phpunit is not installed.

Resolved issues:

  1. resolves [Issue] Validate tar archive extraction paths #40838: Validate tar archive extraction paths
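The containment rules listed in the description above, written out as an added example (this is not the PR's own change to Tar.php and uses no Magento API). The function names are hypothetical; `$destRoot` is assumed to be an already-canonical absolute directory (for instance the result of `realpath()`), and the sample member names at the bottom are constructed for the demo.

```php
<?php
declare(strict_types=1);

/**
 * Splits a TAR member name into safe path segments or throws.
 * Rejects empty names, NUL bytes, absolute paths, stream wrappers,
 * Windows drive paths and "." / ".." segments, as the PR description lists.
 */
function tarMemberSegments(string $memberName): array
{
    // A NUL byte lets the C-level filesystem call see a shorter path than PHP does.
    if ($memberName === '' || strpos($memberName, "\0") !== false) {
        throw new UnexpectedValueException('Empty or NUL-containing member name');
    }
    // Treat backslashes as separators so Windows-style names get the same checks.
    $normalized = str_replace('\\', '/', $memberName);

    // Absolute paths, stream wrappers (phar://, file://, ...) and drive letters
    // are never legitimate relative archive members.
    if ($normalized[0] === '/'
        || preg_match('#^[A-Za-z][A-Za-z0-9+.-]*://#', $normalized) === 1
        || preg_match('#^[A-Za-z]:#', $normalized) === 1) {
        throw new UnexpectedValueException("Non-relative member name rejected: $memberName");
    }
    $segments = [];
    foreach (explode('/', $normalized) as $segment) {
        if ($segment === '') {          // collapses "a//b" and a trailing "/"
            continue;
        }
        if ($segment === '.' || $segment === '..') {
            // Reject instead of collapsing: a member that needs ".." is not trustworthy.
            throw new UnexpectedValueException("Traversal segment in member name: $memberName");
        }
        $segments[] = $segment;
    }
    if ($segments === []) {
        throw new UnexpectedValueException("Member name has no path component: $memberName");
    }
    return $segments;
}

/**
 * Builds the output path and re-checks containment on the final string as
 * defence in depth. The prefix check includes the separator so that
 * "/out2/x" is not accepted as being under "/out".
 */
function tarMemberOutputPath(string $destRoot, string $memberName): string
{
    $root = rtrim($destRoot, '/\\');
    $target = $root . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, tarMemberSegments($memberName));
    if (strncmp($target, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        throw new UnexpectedValueException("Output path escapes destination: $target");
    }
    return $target;
}

/**
 * Symlink entries: the link target is relative to the directory containing the
 * link, so "a/b/link -> ../c" resolves to "a/c" (allowed) while "link -> ../c"
 * or "link -> /etc/passwd" leaves the destination. Resolution is lexical because
 * the target need not exist yet. Returns the resolved segments under the root.
 */
function tarSymlinkTargetSegments(string $linkMemberName, string $linkTarget): array
{
    $stack = tarMemberSegments($linkMemberName);
    array_pop($stack);                              // directory that holds the link
    $normalizedTarget = str_replace('\\', '/', $linkTarget);
    if ($normalizedTarget === '' || strpos($normalizedTarget, "\0") !== false
        || $normalizedTarget[0] === '/'
        || preg_match('#^[A-Za-z][A-Za-z0-9+.-]*://#', $normalizedTarget) === 1
        || preg_match('#^[A-Za-z]:#', $normalizedTarget) === 1) {
        throw new UnexpectedValueException("Unsafe symlink target rejected: $linkTarget");
    }
    foreach (explode('/', $normalizedTarget) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            if ($stack === []) {                    // would climb above the destination
                throw new UnexpectedValueException("Symlink target escapes destination: $linkTarget");
            }
            array_pop($stack);
            continue;
        }
        $stack[] = $segment;
    }
    return $stack;
}

// Constructed sample members for the demo; run with `php this-file.php`.
$root = '/var/tmp/extract';
foreach (['images/logo.png', '../outside.txt', '/etc/passwd', 'phar://x.phar/y', 'C:\\Windows\\x', 'a/./b'] as $name) {
    try {
        echo "ok     $name -> " . tarMemberOutputPath($root, $name) . "\n";
    } catch (UnexpectedValueException $e) {
        echo "reject $name: " . $e->getMessage() . "\n";
    }
}
foreach ([['a/b/link', '../c'], ['link', '../../etc/passwd'], ['link', '/etc/passwd']] as [$link, $target]) {
    try {
        echo "ok     $link -> $target resolves to " . implode('/', tarSymlinkTargetSegments($link, $target)) . "\n";
    } catch (UnexpectedValueException $e) {
        echo "reject $link -> $target: " . $e->getMessage() . "\n";
    }
}
```

Only `images/logo.png` and the `a/b/link -> ../c` symlink pass; everything else is rejected with the reason printed. Two caveats the lexical check alone does not cover: a symlink whose target passes through a directory that an earlier entry already replaced with a symlink can still point outside the root, so an extractor should also refuse to follow symlinks when creating parent directories (or `realpath()` the parent after creation and re-check it against `$destRoot`), and a containment check on the destination itself is only as good as the canonical root it is given.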


m2-assistant Bot commented May 22, 2026

Hi @XananasX7. Thank you for your contribution!
Here are some useful tips on how you can test your changes using Magento test environment.
❗ Automated tests can be triggered manually with an appropriate comment:

  • @magento run all tests - run or re-run all required tests against the PR changes
  • @magento run <test-build(s)> - run or re-run specific test build(s)
    For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names.

Allowed build names are:
  1. Database Compare
  2. Functional Tests CE
  3. Functional Tests EE
  4. Functional Tests B2B
  5. Integration Tests
  6. Magento Health Index
  7. Sample Data Tests CE
  8. Sample Data Tests EE
  9. Sample Data Tests B2B
  10. Static Tests
  11. Unit Tests
  12. WebAPI Tests
  13. Semantic Version Checker

You can find more information about the builds here
ℹ️ Run only required test builds during development. Run all test builds before sending your pull request for review.

For more details, review the Code Contributions documentation.
Join Magento Community Engineering Slack and ask your questions in #github channel.

@engcom-Hotel (Contributor) commented:

@magento create issue

@engcom-Hotel engcom-Hotel added the labels "Triage: Dev.Experience" (Issue related to Developer Experience and needs help with Triage to Confirm or Reject it) and "Priority: P2" (A defect with this priority could have functionality issues which are not to expectations) on May 26, 2026
@github-project-automation github-project-automation Bot moved this to Pending Review in Pull Requests Dashboard May 26, 2026