gromero commented on code in PR #13751:
URL: https://github.com/apache/tvm/pull/13751#discussion_r1092554259
##########
apps/microtvm/arduino/template_project/microtvm_api_server.py:
##########
@@ -177,11 +177,28 @@ def _remove_unused_components(self, source_dir,
project_type):
for component in unused_components:
shutil.rmtree(source_dir / "standalone_crt" / component)
+ def _safe_extract(tar, path=".", members=None, *, numeric_owner=False):
+ def is_within_directory(directory, member):
+
+ target = os.path.join(path, member.name)
Review Comment:
`path` here is being taken from the outer scope, i.e. from `path="."` arg in
`_safe_extract`. `path` is also passed to `_is_within_directory()` as
`directory` arg, so could it be changed to actually:
```
target = os.path.join(directory, member.name)
```
?
nit: If you wish, this line could be put immediately before the line where
`target` is used, i.e. before line 185 (`abs_target = ...`).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
