
installer: fix path traversal#10792

Merged
radoering merged 1 commit into python-poetry:main from radoering:fix-path-traversal on Mar 29, 2026

Conversation

@radoering
Member

@radoering radoering commented Mar 29, 2026

Pull Request Check List

  • Added tests for changed code.
  • Updated documentation for changed code.

Summary by Sourcery

Prevent the wheel installer from writing files outside the intended installation directory when extracting wheel contents.

Bug Fixes:

  • Guard against path traversal in wheel installation by rejecting files that resolve outside the target directory.

Tests:

  • Add tests covering installation into a symlinked target directory and rejection of wheels containing path traversal entries.

@sourcery-ai

sourcery-ai bot commented Mar 29, 2026

Reviewer's Guide

Adds protections against path traversal in the wheel installer by resolving and validating target paths before writing, and introduces tests covering symlinked install directories and malicious wheels containing path traversal entries.

Sequence diagram for secure write_to_fs path handling

sequenceDiagram
    participant Caller
    participant WheelInstaller
    participant Filesystem

    Caller->>WheelInstaller: write_to_fs(scheme, path, stream)
    WheelInstaller->>WheelInstaller: target_dir = Path(scheme_dict[scheme]).resolve()
    WheelInstaller->>WheelInstaller: target_path = (target_dir / path).resolve()
    WheelInstaller->>WheelInstaller: is_relative = target_path.is_relative_to(target_dir)
    alt target_path outside target_dir
        WheelInstaller-->>Caller: raise ValueError
    else target_path inside target_dir
        WheelInstaller->>Filesystem: target_path.exists()
        alt file exists
            WheelInstaller->>Filesystem: open target_path for writing
            WheelInstaller->>Filesystem: copyfileobj_with_hashing(stream, file)
            WheelInstaller->>Filesystem: make_file_executable(target_path)
        else file does not exist
            WheelInstaller->>Filesystem: create parent directories
            WheelInstaller->>Filesystem: open target_path for writing
            WheelInstaller->>Filesystem: copyfileobj_with_hashing(stream, file)
            WheelInstaller->>Filesystem: make_file_executable(target_path)
        end
        WheelInstaller-->>Caller: return
    end

Class diagram for WheelInstaller write_to_fs path traversal protection

classDiagram
    class WheelInstaller {
        dict scheme_dict
        write_to_fs(scheme, path, stream)
    }

    class Path {
        resolve()
        is_relative_to(path)
    }

    class InstallerUtils {
        copyfileobj_with_hashing(src, dst)
        make_file_executable(path)
    }

    WheelInstaller --> Path : uses
    WheelInstaller --> InstallerUtils : uses

File-Level Changes

Change Details Files
Harden wheel installation against path traversal by resolving and validating target paths before writing files.
  • Resolve the installation scheme directory before use.
  • Compute each file’s target path as a resolved path under the resolved scheme directory.
  • Reject any file whose resolved target path escapes the scheme directory by raising a ValueError.
  • Preserve existing behavior for already-existing target paths aside from the new validation.
src/poetry/installation/wheel_installer.py
Extend installer test coverage for symlinked install paths and path traversal attempts in wheels.
  • Add a test ensuring installation works when the environment path is a symlink to the real target directory.
  • Introduce a fixture that programmatically builds a wheel containing a path traversal entry escaping the package directory.
  • Add a test asserting that installing the malicious wheel raises ValueError and does not create files outside the environment directory.
tests/installation/test_wheel_installer.py

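The check the reviewer's guide describes (resolve the scheme directory, resolve each member path under it, refuse anything that lands outside) in runnable form. This is an added example written for this page, not Poetry's `WheelInstaller` code; the function names `is_within`, `safe_target`, `extract_wheel` and `build_wheel` are hypothetical, the wheel contents are constructed in memory, and the example goes one step beyond the PR's per-file check by validating every entry before writing any of them, so a rejected wheel leaves nothing behind. `is_within` uses the `relative_to` / `ValueError` form that works on Python 3.8, as the review comment below suggests instead of `Path.is_relative_to`.

```python
"""Added example: containment check for archive extraction, in the style of the
Poetry fix discussed above. Not Poetry's code; all names here are hypothetical."""
from __future__ import annotations

import io
import os
import shutil
import tempfile
import zipfile
from pathlib import Path


def is_within(target_dir: Path, target_path: Path) -> bool:
    """True if target_path is target_dir or below it. Both must already be resolved.
    Uses relative_to() so it also runs on Python 3.8 (is_relative_to needs 3.9+)."""
    try:
        target_path.relative_to(target_dir)
    except ValueError:
        return False
    return True


def safe_target(scheme_dir: str | os.PathLike[str], member: str) -> Path:
    """Map an archive member name to a path under scheme_dir, or raise ValueError.
    Resolving both sides first makes the check follow symlinks and collapse '..'."""
    target_dir = Path(scheme_dir).resolve()
    target_path = (target_dir / member).resolve()
    if not is_within(target_dir, target_path):
        raise ValueError(f"path traversal: {member!r} resolves to {target_path}")
    return target_path


def extract_wheel(wheel_bytes: bytes, scheme_dir: Path) -> list[Path]:
    """Extract a wheel-style zip into scheme_dir. Two passes: validate every member
    first, then write, so a malicious archive writes nothing at all."""
    written: list[Path] = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        members = [info for info in zf.infolist() if not info.is_dir()]
        targets = [safe_target(scheme_dir, info.filename) for info in members]  # may raise
        for info, target_path in zip(members, targets):
            target_path.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target_path, "wb") as dst:
                shutil.copyfileobj(src, dst)
            written.append(target_path)
    return written


def build_wheel(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip with arbitrary member names (constructed test data;
    zipfile.writestr does not sanitise names, which is what lets us plant '..')."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict[str, bool]:
    """Run the scenarios from the PR's tests against a throwaway directory."""
    results: dict[str, bool] = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp_path = Path(tmp).resolve()  # resolve: /tmp may itself be a symlink (macOS)
        real_dir = tmp_path / "target"
        real_dir.mkdir()
        install_dir = tmp_path / "symlink"
        try:
            install_dir.symlink_to(real_dir, target_is_directory=True)
        except OSError:
            install_dir = real_dir  # symlink creation may need privileges (Windows)

        # 1. A benign wheel installed via the symlink lands inside the real directory.
        benign = build_wheel({
            "demo/__init__.py": b"",
            "demo-0.1.0.dist-info/METADATA": b"Name: demo\nVersion: 0.1.0\n",
        })
        written = extract_wheel(benign, install_dir)
        results["benign_in_real_dir"] = bool(written) and all(is_within(real_dir, p) for p in written)

        # 2. A wheel carrying a '..' entry is rejected and nothing escapes the target.
        malicious = build_wheel({"demo/__init__.py": b"", "../evil.txt": b"pwned\n"})
        try:
            extract_wheel(malicious, install_dir)
            results["traversal_rejected"] = False
        except ValueError:
            results["traversal_rejected"] = True
        results["nothing_escaped"] = not (tmp_path / "evil.txt").exists()

        # 3. Why not str.startswith(): a sibling dir sharing the prefix 'target'
        #    passes a prefix check but is correctly refused by relative_to().
        sibling = (real_dir / "../target-evil/x.py").resolve()
        results["prefix_check_fooled"] = (
            str(sibling).startswith(str(real_dir)) and not is_within(real_dir, sibling)
        )
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Resolving both sides before comparing is what makes the symlinked-install-directory test pass: the scheme path and the member path both collapse to the real directory, so containment is judged on the same root. The third scenario is the reason to prefer `relative_to` (or `is_relative_to`) over a string-prefix comparison.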


@sourcery-ai sourcery-ai bot left a comment


Hey - I've found 1 issue, and left some high-level feedback:

  • The use of Path.is_relative_to requires Python 3.9+, so if this project still supports 3.8 you should replace it with a try: target_path.relative_to(target_dir) ... except ValueError check for compatibility.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The use of `Path.is_relative_to` requires Python 3.9+, so if this project still supports 3.8 you should replace it with a `try: target_path.relative_to(target_dir) ... except ValueError` check for compatibility.

## Individual Comments

### Comment 1
<location path="tests/installation/test_wheel_installer.py" line_range="86-95" />
<code_context>
         assert not cache_dir.exists()
+
+
+def test_install_dir_is_symlink(tmp_path: Path, demo_wheel: Path) -> None:
+    target_dir = tmp_path / "target"
+    target_dir.mkdir()
+    symlink_dir = tmp_path / "symlink"
+    symlink_dir.symlink_to(target_dir, target_is_directory=True)
+
+    env = MockEnv(path=symlink_dir)
+
+    installer = WheelInstaller(env)
+    installer.install(demo_wheel)
+
+    assert (Path(env.paths["purelib"]) / "demo").exists()
+
+
</code_context>
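Review bot: `symlink_dir.symlink_to(target_dir, target_is_directory=True)` in test_install_dir_is_symlink will fail with an OSError on Windows runners where the account lacks the symbolic-link privilege (or Developer Mode), so the test needs a guard such as `@pytest.mark.skipif(sys.platform == "win32", ...)` or a `try`/`except OSError: pytest.skip(...)` around the symlink creation; otherwise the new test is a flaky failure rather than a regression signal on that platform.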
<issue_to_address>
**suggestion (testing):** Strengthen the symlink test by asserting that files end up in the real target directory, not outside it

Since this test focuses on symlink behavior, it would help to explicitly assert that the `demo` package ends up under the resolved `target_dir` (e.g. `(target_dir / "lib" / ... / "demo")` or the actual purelib path) and not alongside `symlink` or elsewhere under `tmp_path`. That way the test verifies both that symlink resolution works and that files are only written inside the intended target directory.
</issue_to_address>


@dosubot

dosubot bot commented Mar 29, 2026

Documentation Updates

1 document(s) were updated by changes in this PR:

CHANGELOG
View Changes
@@ -182,6 +182,7 @@
 - Fix an issue where the result of `poetry lock` was not deterministic ([#10276](https://github.com/python-poetry/poetry/pull/10276)).
 - Fix an issue where `poetry env activate` returned the wrong command for `tcsh` ([#10243](https://github.com/python-poetry/poetry/pull/10243)).
 - Fix an issue where `poetry env activate` returned the wrong command for `pwsh` on Linux ([#10256](https://github.com/python-poetry/poetry/pull/10256)).
+- Fix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside of the intended installation directory ([#10792](https://github.com/python-poetry/poetry/pull/10792)).
 
 ### Docs
 
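Review bot: the added CHANGELOG line at the end of this hunk describes the vulnerability but not the user-visible effect of the fix; per the PR description, installing such a wheel now fails with a ValueError. Stating that in the entry lets a user who hits the new error connect it to this change, e.g. "... outside of the intended installation directory; such wheels are now rejected with a ValueError ([#10792](...))."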


@radoering radoering merged commit ed59537 into python-poetry:main Mar 29, 2026
54 checks passed
radoering added a commit that referenced this pull request Mar 29, 2026
