TAR support, archive security hardening, GUI — v0.6.0#5

Open: Mipa97 wants to merge 1 commit into stark4n6:main from Mipa97:main
Mipa97 commented Jun 19, 2026

SQLiteWalker v0.6.0

TAR Archive Support

  • Added support for .tar, .tar.gz, and .tgz archives alongside existing .zip support.
  • Implemented streaming read mode (r|*) to avoid full archive decompression into memory.
  • WAL/SHM files are now extracted from TAR archives the same way as ZIP archives.

Archive Security Hardening

  • Blocked absolute paths (/etc/passwd, C:\Windows\...) during extraction.
  • Prevented directory traversal attacks (../../secret).
  • Added post-sanitization commonpath() validation as a second defence layer.
  • Disabled TAR hard links and symlinks to prevent unsafe extraction.
  • Sanitized Windows reserved device names (CON, NUL, COM*, LPT*).
  • Replaced illegal filename characters and removed trailing spaces/dots.

New GUI (SQLiteWalkerGUI.py)

  • Added a tkinter interface with no extra dependencies.
  • Added Folder / ZIP / TAR source selection and browser dialogs.
  • Added live logging for databases, WALs, SHMs, and errors.
  • Added deterministic progress tracking with pre-counted files.
  • Added status bar statistics for DBs, WALs, SHMs, and errors.
  • Added one-click Open Output after scan completion.
  • Added custom embedded icon and cross-platform font selection.
  • Added scanning to a worker thread to keep the UI responsive.

Fixes & Improvements

  • Fixed output folder trailing-separator issue affecting Linux/macOS.
  • Added collision-safe output folders (-001, -002, etc.).
  • Added collision-safe extraction for duplicate archive filenames.
  • Moved SQLITE_MAGIC to a module-level constant.
  • Added rel == "." guard to prevent incorrect root-level paths.

Testing

  • All integration tests passing:
    • Folder scanning
    • ZIP archives
    • TAR archives
    • Security checks
    • Collision handling
    • Symlink protection

# --- TAR support ---
- Added .tar / .tar.gz / .tgz input support (streaming r|* mode)

# --- Archive security ---
- Block absolute paths and directory traversal at extraction time
- Double-check resolved path stays inside dest with commonpath()
- Block TAR hard links and symlinks unconditionally
- Sanitize Windows reserved names (CON/NUL/COM*/LPT*) and illegal chars

# --- GUI (SQLiteWalkerGUI.py) ---
- New tkinter GUI, no extra dependencies
- Live log panel, progress bar, stat pills, Open Output button
- Cross OS support

# --- Fixes ---
- Collision-safe output folders and extracted filenames (-001, -002...)
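
The "Archive Security Hardening" checks listed in the description above, sketched as an added example. This is not code from the pull request or from SQLiteWalker; the names `safe_member_path` and `extract_tar_safely` are hypothetical, and the sanitization rules are one reasonable reading of the bullet points.

```python
import os
import re
import shutil
import tarfile

# Hypothetical helper names; this is not SQLiteWalker's code.
RESERVED = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\..*)?$", re.I)
ILLEGAL = re.compile(r'[<>:"|?*\x00-\x1f]')


def safe_member_path(name, dest):
    """Map an archive member name to a path under dest, or None to skip it."""
    norm = name.replace("\\", "/")
    # Layer 1: reject absolute paths (POSIX, UNC, drive letter) and any "..".
    if norm.startswith("/") or re.match(r"[A-Za-z]:", norm):
        return None
    parts = [p for p in norm.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        return None
    clean = []
    for part in parts:
        # Replace illegal characters, drop trailing spaces/dots, defuse device names.
        part = ILLEGAL.sub("_", part).rstrip(" .") or "_"
        clean.append("_" + part if RESERVED.match(part) else part)
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, *clean))
    # Layer 2: after sanitization the resolved path must still be inside dest.
    if os.path.commonpath([root, target]) != root:
        return None
    return target


def extract_tar_safely(fileobj, dest):
    """Stream a TAR (mode r|*); write regular files only, never links."""
    written, skipped = [], []
    with tarfile.open(fileobj=fileobj, mode="r|*") as tar:
        for member in tar:
            if member.isdir():
                continue  # directories are created on demand below
            # isfile() is False for symlinks, hard links, devices and FIFOs.
            target = safe_member_path(member.name, dest) if member.isfile() else None
            if target is None:
                skipped.append(member.name)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as out:
                shutil.copyfileobj(src, out)
            written.append(os.path.relpath(target, os.path.realpath(dest)))
    return written, skipped
```

Because the extractor opens and writes each target itself instead of calling `extractall()`, link members never reach the filesystem, and the `commonpath()` comparison runs on `realpath()` output so a pre-existing symlink inside the destination cannot redirect a write.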