
fix: Enhancements Needed for Secure Tar Extraction (5560) #26

Closed
aviruthen wants to merge 1 commit into master from fix/enhancements-needed-for-secure-tar-extraction-5560

Conversation

@aviruthen
Owner

Description

Security Hardening: Path Traversal Protection in Model Repacking

Problem

The model repacking utilities in both sagemaker-mlops and sagemaker-core had several areas where path traversal attacks could potentially be exploited:

  1. _repack_model.py: Used model_archive.split("/")[-1] instead of os.path.basename() for extracting archive filenames, and lacked validation of the inference_script parameter for path traversal characters.

  2. common_utils.py: The _extract_model function did not validate local file paths against sensitive system directories, and dependency paths were not validated for degenerate basenames.

Changes

sagemaker-mlops/src/sagemaker/mlops/workflow/_repack_model.py

  • Use os.path.basename() instead of split("/")[-1] for safer filename extraction
  • Add validation that archive_basename is not empty, ., .., or contains path separators
  • Add path traversal validation for inference_script parameter
  • Verify copy destinations stay within expected directories using _get_resolved_path
  • Add pre-copy validation that code_dir is within src_dir

sagemaker-core/src/sagemaker/core/common_utils.py

  • Add sensitive system path validation for local model URIs in _extract_model
  • Add basename validation for dependency paths to prevent degenerate values

sagemaker-core/src/sagemaker/core/utils/__init__.py

  • Export _validate_source_directory and _validate_dependency_path for reuse

Tests

  • Added tests for path traversal detection edge cases
  • Added tests for absolute path escape detection
  • Added tests for nested safe paths and empty member lists

Related Issue

Related issue: 5560

Changes Made

No response from agent

AI-Generated PR

This PR was automatically generated by the PySDK Issue Agent.

  • Confidence score: 0%
  • Classification: bug
  • SDK version target: V3

Merge Checklist

  • Changes are backward compatible
  • Commit message follows prefix: description format
  • Unit tests added/updated
  • Integration tests added (if applicable)
  • Documentation updated (if applicable)
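The checks the description lists (basename validation, resolved-path containment, traversal rejection for a script parameter, and filtering of tar members before extraction), written out as an added stand-alone Python example. This is not the PR's or the SageMaker SDK's own code: the helper names, the `/tmp/model-dest` destination and the in-memory tar are constructed here and do not correspond to the project's `_get_resolved_path`, `_validate_source_directory` or `_validate_dependency_path`.

```python
import io
import os
import tarfile
# Added example, not the PR's code: hypothetical helpers for the listed checks.

def validate_archive_basename(model_archive: str) -> str:
    """Basename via os.path.basename(); reject empty, '.', '..' or separators."""
    basename = os.path.basename(model_archive)
    if basename in ("", ".", "..") or "/" in basename or "\\" in basename:
        raise ValueError(f"unsafe archive name: {model_archive!r}")
    return basename

def is_within_directory(base_dir: str, target: str) -> bool:
    """True when target, joined to base_dir and fully resolved, stays inside it.
    An absolute target replaces base_dir in os.path.join, so it fails unless
    it already points inside the directory."""
    base = os.path.realpath(base_dir)
    resolved = os.path.realpath(os.path.join(base, target))
    return resolved == base or resolved.startswith(base + os.sep)

def has_traversal(relative_path: str) -> bool:
    """Reject an inference_script-style value that is absolute or has a '..'
    component (checked per component, so 'my..script.py' is still allowed)."""
    if os.path.isabs(relative_path):
        return True
    return ".." in relative_path.replace("\\", "/").split("/")

def safe_members(archive: tarfile.TarFile, dest_dir: str) -> list:
    """Members that extract inside dest_dir; raise on the first file, symlink
    or hardlink that would land outside it."""
    safe = []
    for member in archive.getmembers():
        if not is_within_directory(dest_dir, member.name):
            raise ValueError(f"member escapes destination: {member.name!r}")
        if member.issym() or member.islnk():
            # symlink targets are relative to the member's directory,
            # hardlink targets to the archive root
            start = os.path.dirname(member.name) if member.issym() else ""
            if not is_within_directory(dest_dir, os.path.join(start, member.linkname)):
                raise ValueError(f"link escapes destination: {member.name!r}")
        safe.append(member)
    return safe

def build_tar(names) -> tarfile.TarFile:
    """Constructed test input: an in-memory tar of empty files with these names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            tar.addfile(tarfile.TarInfo(name), io.BytesIO(b""))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

The containment check compares against `base + os.sep` rather than a bare prefix, so a sibling directory such as `/tmp/model-dest-other` is not mistaken for a child of `/tmp/model-dest`.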

@aviruthen aviruthen closed this Mar 26, 2026
@aviruthen aviruthen deleted the fix/enhancements-needed-for-secure-tar-extraction-5560 branch March 26, 2026 22:13