From 72db78a14e5f4911b40c9cb8a10ad9cfb83f739f Mon Sep 17 00:00:00 2001
From: Rip&Tear <84775494+theCyberTech@users.noreply.github.com>
Date: Fri, 19 Jun 2026 13:20:56 +0800
Subject: [PATCH] Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
 lib/cli/src/crewai_cli/experimental/skills/main.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/cli/src/crewai_cli/experimental/skills/main.py b/lib/cli/src/crewai_cli/experimental/skills/main.py
index ecf94a121..eb71ef9b5 100644
--- a/lib/cli/src/crewai_cli/experimental/skills/main.py
+++ b/lib/cli/src/crewai_cli/experimental/skills/main.py
@@ -393,6 +393,8 @@ def _safe_extractall(tf: tarfile.TarFile, dest: Path) -> None:
 member_path = (dest / member.name).resolve()
 if not member_path.is_relative_to(dest_resolved):
 raise ValueError(f"Blocked path traversal attempt: {member.name!r}")
+ if member.ischr() or member.isblk() or member.isfifo():
+ raise ValueError(f"Blocked special file type in archive: {member.name!r}")
 if member.issym() or member.islnk():
 link_target = member.linkname
 # Absolute link targets always escape the destination.
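Review bot: The added check `if member.ischr() or member.isblk() or member.isfifo():` is a deny-list of three member types, so any type it does not name still falls through to the link handling and extraction below it. An allow-list fails closed instead, e.g. `if not (member.isfile() or member.isdir() or member.issym() or member.islnk()):` followed by the same `raise ValueError(...)`. If the deny-list is kept, `member.isdev()` is the standard-library spelling of the same three tests. The body of `_safe_extractall` starts and ends outside this hunk, so whether the final extraction passes `filter="data"` is not visible here; where the supported Python versions provide `tarfile.data_filter`, it also refuses device and FIFO members and would be a useful second layer. A regression test that feeds an archive containing a FIFO member and expects `ValueError` would pin this behaviour.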