)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"18f1f4b8c7c7ea1279654a2f2112ba4dba9b6589","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"4befaa87_d45492c9","updated":"2023-04-01 11:53:03.000000000","message":"Michal thanks for rewrite, but the both tests are useless, they tests only tarfile library, not the kolla code I\u0027ve fixed.","commit_id":"143765fb67221cc51f1dc56a41ac2b67dddc453f"}],"kolla/image/tasks.py":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"32d88b67e2f39ffa04d8aaf868a16e896d3a0ba8","unresolved":true,"context_lines":[{"line_number":266,"context_line":""},{"line_number":267,"context_line":"        def _test_malicious_tarball(archive, path):"},{"line_number":268,"context_line":"            self.logger.debug(f\u0027Test malicious tarball {archive}\u0027)"},{"line_number":269,"context_line":"            tar_file \u003d tarfile.open(archive, \u0027r|*\u0027)"},{"line_number":270,"context_line":"            for n in tar_file.getnames():"},{"line_number":271,"context_line":"                if not os.path.abspath(os.path.join(path, n)).startswith(path):"},{"line_number":272,"context_line":"                    tar_file.close()"}],"source_content_type":"text/x-python","patch_set":1,"id":"2d8c2292_8644cf39","line":269,"range":{"start_line":269,"start_character":0,"end_line":269,"end_character":51},"updated":"2023-03-27 06:10:37.000000000","message":"Please add a test with non gz tarball, so we don\u0027t break it in the future again.","commit_id":"c5f9d50694ac3da57cab5daadcbe2e328aee0b03"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"b3c4f7553964adcedd0ff099b222e0d345d121b6","unresolved":false,"context_lines":[{"line_number":266,"context_line":""},{"line_number":267,"context_line":"        def _test_malicious_tarball(archive, path):"},{"line_number":268,"context_line":"            self.logger.debug(f\u0027Test malicious tarball {archive}\u0027)"},{"line_number":269,"context_line":"            tar_file \u003d tarfile.open(archive, \u0027r|*\u0027)"},{"line_number":270,"context_line":"            for n in tar_file.getnames():"},{"line_number":271,"context_line":"                if not os.path.abspath(os.path.join(path, n)).startswith(path):"},{"line_number":272,"context_line":"                    tar_file.close()"}],"source_content_type":"text/x-python","patch_set":1,"id":"38fa621a_48b29c0d","line":269,"range":{"start_line":269,"start_character":0,"end_line":269,"end_character":51},"in_reply_to":"2d8c2292_8644cf39","updated":"2023-03-27 08:52:05.000000000","message":"test exist - test_malicious_tar, it uses gzip compressed tar","commit_id":"c5f9d50694ac3da57cab5daadcbe2e328aee0b03"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"58de963e2ac6f9b79114ba98f85bd001a9877af3","unresolved":true,"context_lines":[{"line_number":266,"context_line":""},{"line_number":267,"context_line":"        def _test_malicious_tarball(archive, path):"},{"line_number":268,"context_line":"            self.logger.debug(f\u0027Test malicious tarball {archive}\u0027)"},{"line_number":269,"context_line":"            tar_file \u003d tarfile.open(archive, \u0027r|*\u0027)"},{"line_number":270,"context_line":"            for n in tar_file.getnames():"},{"line_number":271,"context_line":"                if not os.path.abspath(os.path.join(path, n)).startswith(path):"},{"line_number":272,"context_line":"                    tar_file.close()"}],"source_content_type":"text/x-python","patch_set":1,"id":"7279d805_eccd1e4d","line":269,"range":{"start_line":269,"start_character":0,"end_line":269,"end_character":51},"in_reply_to":"38fa621a_48b29c0d","updated":"2023-03-27 12:00:52.000000000","message":"That\u0027s why I said we need another test with NOT compressed tar?","commit_id":"c5f9d50694ac3da57cab5daadcbe2e328aee0b03"},{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"1a32a71b71840bea3e8e418f2283e9fdd572f5fb","unresolved":false,"context_lines":[{"line_number":266,"context_line":""},{"line_number":267,"context_line":"        def _test_malicious_tarball(archive, path):"},{"line_number":268,"context_line":"            self.logger.debug(f\u0027Test malicious tarball {archive}\u0027)"},{"line_number":269,"context_line":"            tar_file \u003d tarfile.open(archive, \u0027r|*\u0027)"},{"line_number":270,"context_line":"            for n in tar_file.getnames():"},{"line_number":271,"context_line":"                if not os.path.abspath(os.path.join(path, n)).startswith(path):"},{"line_number":272,"context_line":"                    tar_file.close()"}],"source_content_type":"text/x-python","patch_set":1,"id":"4f823707_c48827f3","line":269,"range":{"start_line":269,"start_character":0,"end_line":269,"end_character":51},"in_reply_to":"7279d805_eccd1e4d","updated":"2023-03-27 13:32:14.000000000","message":"no. we have the test which cover this function here:\n\n1. https://opendev.org/openstack/kolla/src/branch/master/kolla/tests/test_build.py#L309\nhere created gzip compressed tar\n\n2. https://opendev.org/openstack/kolla/src/branch/master/kolla/tests/test_build.py#L321-L323\nhere the code executed our function with private _test_malicious_tarball with changed code inside it.\n\ntest passed.\n\nregarding the place where the tarball for plugins was created without compression, I did not change anything.","commit_id":"c5f9d50694ac3da57cab5daadcbe2e328aee0b03"}]}