o z3iG@sddlZddlZddlZddlZddlZddlZddlZddlZddlZddl m Z m Z ddl m Z ddlmZmZmZddlmZddlmZdd lmZerXddlZddlZeeZGd d d ZGd d d e ZGdddee ZGdddeZGdddeZ GdddeZ!GdddeZ"GdddeZ#GdddeZ$GdddeZ%GdddeZ&Gd d!d!eZ'Gd"d#d#Z(dS)$N)ABCabstractmethod)Path) TYPE_CHECKINGOptionalUnion)config)FileLock) get_loggerc@s`eZdZddeefddZdedefddZd ed edefd d Zdded edefddZ dS)ExtractManagerN cache_dircCs&|r tj|tjntj|_t|_dSN) ospathjoinr EXTRACTED_DATASETS_DIREXTRACTED_DATASETS_PATH extract_dir Extractor extractor)selfrrd/lsinfo/ai/hellotax_ai/llm_service/venv_embed/lib/python3.10/site-packages/datasets/utils/extract.py__init__s zExtractManager.__init__rreturncCs,ddlm}tj|}tj|j||S)Nr )hash_url_to_filename) file_utilsrrrabspathrr)rrrabs_pathrrr_get_output_path"s  zExtractManager._get_output_path output_path force_extractcCs*|ptj| otj|ot| Sr)rrisfileisdirlistdir)rr"r#rrr _do_extract*s$zExtractManager._do_extractF input_pathcCs>|j|}|s |S||}|||r|j||||Sr)rinfer_extractor_formatr!r'extract)rr(r#extractor_formatr"rrrr*/s   zExtractManager.extractrF) __name__ __module__ __qualname__rstrrr!boolr'r*rrrrr s r c@s\eZdZeedeeefdefddZ e edeeefdeeefddfdd Z dS) BaseExtractorrrcKdSrrclsrkwargsrrris_extractable:zBaseExtractor.is_extractabler(r"NcCr3rr)r(r"rrrr*>r8zBaseExtractor.extract) r-r.r/ classmethodrrrr0r1r7 staticmethodr*rrrrr29s.r2c@s`eZdZUgZeeed<edee e fde fddZ e d dee e fdedefd d Zd S) MagicNumberBaseExtractor magic_numbersrmagic_number_lengthcCs8t|d }||WdS1swYdS)Nrb)openread)rr=frrrread_magic_numberFs $z*MagicNumberBaseExtractor.read_magic_number magic_numberrcsVstdd|jD}z|||Wn tyYdSwtfdd|jDS)Ncss|]}t|VqdSr)len.0cls_magic_numberrrr Nsz:MagicNumberBaseExtractor.is_extractable..Fc3s|]}|VqdSr) startswithrFrDrrrISs)maxr<rBOSErrorany)r5rrDr=rrKrr7Ks z'MagicNumberBaseExtractor.is_extractableNrC)r-r.r/r<listbytes__annotations__r:rrr0intrBr9r1r7rrrrr;Cs &r;c@steZdZedeeefdefddZe de j deeeffddZ e d eeefdeeefdd fd d Z d S) TarExtractorrrcKs t|Sr)tarfile is_tarfiler4rrrr7Ws zTarExtractor.is_extractablemembersr"c#sdtttfdtfdddtdtdtffdd dtjdtdtffd d }|}|D]D}|j|rCtd |jd q0| rZ|||rZtd |jd |j q0| rq|||rqtd |jd|j q0|Vq0dS)a Fix for CVE-2007-4559 Desc: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4559 From: https://stackoverflow.com/a/10077309 rrcStjtj|Srrrrealpathrrrrrresolvedgz*TarExtractor.safemembers..resolvedbasectj||| SrrrrrJrr^r\rrbadpathjz)TarExtractor.safemembers..badpathinfocs*tj|tj|j}|j|dSN)r^)rrrdirnamenamelinknamerer^tiprcr\rrbadlinknsz)TarExtractor.safemembers..badlinkExtraction of  is blocked (illegal path) is blocked: Symlink to z is blocked: Hard link to N) rrr0r1rUTarInforhloggererrorissymriislnkrWr"rmr^finforrlr safemembers[s  zTarExtractor.safemembersr(NcCs:tj|ddt|}|j|t||d|dS)NTexist_okrW)rmakedirsrUr? extractallrTrxclose)r(r"tar_filerrrr*s  zTarExtractor.extract)r-r.r/r9rrr0r1r7r:rUTarFilerxr*rrrrrTVs#,rTc@<eZdZdgZedeeefdeeefddfddZdS) GzipExtractorsr(r"rNc Cxt|d,}t|d}t||Wdn1swYWddSWddS1s5wYdSNr>wb)gzipr?shutil copyfileobj)r(r" gzip_fileextracted_filerrrr* "zGzipExtractor.extract r-r.r/r<r:rrr0r*rrrrr,rcseZdZgdZeddeeefdede ffdd Z e de e jd eeeffd d Ze d eeefd eeefdd fddZZS) ZipExtractor)sPKsPKsPKrCrrDrcstj||dr dSzddlm}m}m}m}m}m}m } m } m } m } t |d} | | }|r||dkrK||dkrK||dkrK WdWdS||||kr| ||| ||kr||| kr| | }t|| krt| |}||| kr WdWdSWdWdSWdWdSWdWdSWdWdSWdWdSWdWdS1swYWdStyYdSw)NrKTr) _CD_SIGNATURE_ECD_DISK_NUMBER_ECD_DISK_START_ECD_ENTRIES_TOTAL _ECD_OFFSET _ECD_SIZE _EndRecDatasizeCentralDirstringCentralDirstructCentralDirr>F)superr7zipfilerrrrrrrrrrr?seektellr@rEstructunpack Exception)r5rrDrrrrrrrrrrfpendrecdatacentdir __class__rrr7sT0 $                 zZipExtractor.is_extractablerWr"c#stdtttfdtfdddtdtdtffdd }|}|D]}||j|r4td|jd q!|Vq!d S) a, Fix for CVE-2007-4559 Desc: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4559 From: https://stackoverflow.com/a/10077309 This additional mitigation is applied for zipfile as well. rrcSrXrrYr[rrrr\r]z*ZipExtractor.safemembers..resolvedr^cr_rr`rarbrrrcrdz)ZipExtractor.safemembers..badpathrnroNrrr0r1filenamerrrs)rWr"rcr^rwrrbrrxs zZipExtractor.safemembersr(NcCs`tj|ddt|d}|j|t|j|d|WddS1s)wYdS)NTryrr{) rr|rZipFiler}rrxfilelistr~)r(r"zip_filerrrr*s  "zZipExtractor.extractrO)r-r.r/r<r9rrr0rQr1r7r:rPrZipInforxr* __classcell__rrrrrs&$"0rc@r) XzExtractors7zXZr(r"rNc Csvt|,}t|d}t||Wdn1swYWddSWddS1s4wYdS)Nr)lzmar?rrr(r"compressed_filerrrrr*s  "zXzExtractor.extractrrrrrrrrc@s`eZdZddgZededdeeeffddZ edeeefdeeefd d fd d Z d S) RarExtractorsRar!sRar!rWrarfile.RarInfor"c#sdtttfdtfdddtdtdtffdd dd dtdtffd d }|}|D]-}|j|rBtd |jd q/|rY|||rYtd |jd|jq/|Vq/dS)a, Fix for CVE-2007-4559 Desc: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4559 From: https://stackoverflow.com/a/10077309 This additional mitigation is applied for rarfile as well. rrcSrXrrYr[rrrr\r]z*RarExtractor.safemembers..resolvedr^cr_rr`rarbrrrcrdz)RarExtractor.safemembers..badpathrercs4tj|tj|j}|j\}}}||dSrf)rrrrgr file_redir)rer^rk redir_type redir_flags link_namerlrrrms  z)RarExtractor.safemembers..badlinkrnrorpN) rrr0r1rrrrs is_symlinkrrvrrlrrxs zRarExtractor.safemembersr(rNcCsTtjstdddl}tj|dd||}|j|t | |d| dS)NzPlease pip install rarfilerTryr{) r RARFILE_AVAILABLE ImportErrorrarfilerr|RarFiler}rrxinfolistr~)r(r"rrfrrrr*s  zRarExtractor.extract r-r.r/r<r:rPrrr0rxr*rrrrrs  $,rc@r) ZstdExtractors(/r(r"rNc Cstjstdddl}|}t|d,}t|d}|||Wdn1s+wYWddSWddS1sCwYdS)NzPlease pip install zstandardrr>r)r ZSTANDARD_AVAILABLEr zstandardZstdDecompressorr? copy_stream)r(r"zstddctxifhofhrrrr*&sPzZstdExtractor.extractrrrrrr#rrc@r)Bzip2ExtractorsBZhr(r"rNc Crr)bz2r?rrrrrrr*4rzBzip2Extractor.extractrrrrrr1rrc@s^eZdZdgZededdeeeffddZ edeeefdeeefdd fd d Z d S) SevenZipExtractors7z'rWpy7zr.FileInfor"c#sdtttfdtfdddtdtdtffdd dd dtdtffd d }|}|D]}|j|rBtd |jd q/|Vq/dS)a* Fix for CVE-2007-4559 Desc: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4559 From: https://stackoverflow.com/a/10077309 This additional mitigation is applied for py7zr as well. rrcSrXrrYr[rrrr\Lr]z/SevenZipExtractor.safemembers..resolvedr^cr_rr`rarbrrrcOrdz.SevenZipExtractor.safemembers..badpathrercs2tj|tj|j}tj|j|dSrf)rrrrgrbasenamerjrlrrrmSsz.SevenZipExtractor.safemembers..badlinkrnroNrrvrrlrrx>s zSevenZipExtractor.safemembersr(rNcCs~tjstdddl}tj|dd||d}ddt| |D}|j ||dWddS1s8wYdS) NzPlease pip install py7zrrTryrcSsg|]}|jqSr)r)rGrwrrr ksz-SevenZipExtractor.extract..)targets) r PY7ZR_AVAILABLErpy7zrrr| SevenZipFilerrxrPr*)r(r"rarchiverrrrr*cs"zSevenZipExtractor.extractrrrrrr;s  $,rc@r) Lz4Extractors"Mr(r"rNc Cstjstdddl}|j|d,}t|d}t||Wdn1s)wYWddSWddS1sAwYdS)NzPlease pip install lz4rr>r)r LZ4_AVAILABLEr lz4.frameframer?rr)r(r"lz4rrrrrr*rs "zLz4Extractor.extractrrrrrrorrc @seZdZUeeeeeee e e d Z e eeefed<eddZedeeefdefddZeddeeefd ed efd d Zedeeefd eefddZedeeefdeeefded dfddZdS)r) tarrzipxzrarrr7zr extractorscCstdd|jDS)Ncss.|]}t|tr|jD]}t|Vq qdSr) issubclassr;r<rE)rGrextractor_magic_numberrrrrIs z9Extractor._get_magic_number_max_length..)rLrvalues)r5rrr_get_magic_number_max_lengthsz&Extractor._get_magic_number_max_lengthrr=cCs&ztj||dWStyYdSw)N)r=rC)r;rBrM)rr=rrr_read_magic_numbers  zExtractor._read_magic_numberFreturn_extractorrcCs>tjdtd||}|r|sdSd|j|fS|sdSdS)Nz{Method 'is_extractable' was deprecated in version 2.4.0 and will be removed in 3.0.0. Use 'infer_extractor_format' instead.)categoryTF)FN)warningswarn FutureWarningr)r)r5rrr+rrrr7s  zExtractor.is_extractablecCsB|}|||}|jD]\}}|j||dr|SqdS)NrK)rrritemsr7)r5rmagic_number_max_lengthrDr+rrrrr)s z Extractor.infer_extractor_formatr(r"r+NcCsxtjtj|ddtt|d}t|tj |dd|j |}| ||WdS1s5wYdS)NTryz.lock) ignore_errors) rr|rrgr0r with_suffixr rrmtreerr*)r5r(r"r+ lock_pathrrrrr*s   $zExtractor.extractr,)r-r.r/rTrrrrrrrrrdictr0typer2rRr9rr:rrrSrr1r7rr)r*rrrrr}s:  "   r))rrrrrrrUrrabcrrpathlibrtypingrrrr _filelockr loggingr rrr-rrr r2r;rTrrrrrrrrrrrrrs@     1 T 4 4