[Security]: unsafe ZIP extraction allows Zip Slip / path traversal #866
Description
Problem
OpenViking currently extracts user-supplied ZIP archives using extractall(...) without validating member paths.
This creates a classic Zip Slip risk: a crafted archive can include entries such as ../... or absolute paths and write files outside the intended temporary extraction directory.
Why this matters
If ZIP-based resource/media/skill import is reachable from user-controlled input, this is a file-system write boundary violation, not just a parser bug.
Potential impact includes:
- overwriting files outside the temp dir
- corrupting local state
- writing attacker-controlled files into unintended locations
Observed code paths
Local review of the running Python package found direct ZIP extraction in:
openviking/utils/media_processor.pyopenviking/utils/skill_processor.py
The current pattern is effectively:
zipf.extractall(temp_dir)without per-member path validation.
Expected behavior
ZIP extraction should validate every archive member before writing:
- reject absolute paths
- reject parent-directory traversal (
..) - ensure resolved output path stays inside the intended extraction root
Suggested fix direction
Introduce a shared safe extraction helper and replace direct extractall(...) calls.
Example approach:
for member in zipf.infolist():
out = (temp_dir / member.filename).resolve()
if not str(out).startswith(str(temp_dir.resolve()) + os.sep):
raise ValueError("unsafe zip member")
zipf.extract(member, temp_dir)Additional note
OpenViking already appears to have some path-safety logic in other upload/path handling code, so this would be a good candidate for consolidation into a single reusable ZIP/path safety utility.
Impact level
This should be treated as a high-priority security issue.