From e343c577cd7da4d304b837d4a07ab4df1e023092 Mon Sep 17 00:00:00 2001
From: Vladimir Iakovlev
Date: Tue, 8 Jun 2021 22:04:51 +0200
Subject: [PATCH] NA: Fix possible changes in files outside of working directory (#1206)
---
 thefuck/rules/dirty_untar.py | 4 ++++
 thefuck/rules/dirty_unzip.py | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/thefuck/rules/dirty_untar.py b/thefuck/rules/dirty_untar.py
index d94958b9..638aa876 100644
--- a/thefuck/rules/dirty_untar.py
+++ b/thefuck/rules/dirty_untar.py
@@ -41,6 +41,10 @@ def get_new_command(command):
 def side_effect(old_cmd, command):
 with tarfile.TarFile(_tar_file(old_cmd.script_parts)[0]) as archive:
 for file in archive.getnames():
+ if not os.path.abspath(file).startswith(os.getcwd()):
+ # it's unsafe to overwrite files outside of the current directory
+ continue
+
 try:
 os.remove(file)
 except OSError:
diff --git a/thefuck/rules/dirty_unzip.py b/thefuck/rules/dirty_unzip.py
index 5369dea7..6b507987 100644
--- a/thefuck/rules/dirty_unzip.py
+++ b/thefuck/rules/dirty_unzip.py
@@ -45,6 +45,10 @@ def get_new_command(command):
 def side_effect(old_cmd, command):
 with zipfile.ZipFile(_zip_file(old_cmd), 'r') as archive:
 for file in archive.namelist():
+ if not os.path.abspath(file).startswith(os.getcwd()):
+ # it's unsafe to overwrite files outside of the current directory
+ continue
+
 try:
 os.remove(file)
 except OSError:
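Review bot: The added guard `if not os.path.abspath(file).startswith(os.getcwd()):` in `side_effect` of `thefuck/rules/dirty_untar.py` compares raw string prefixes, so a member path that resolves into a sibling directory whose name merely begins with the working directory's name (constructed example: cwd `/srv/app`, resolved path `/srv/app-backup/x`) still passes and reaches `os.remove(file)`. The identical check added in `thefuck/rules/dirty_unzip.py` has the same gap. `os.path.abspath` also does not resolve symlinks, so a member path that goes through a link located inside the working directory is not caught by either check. I would compute the base once before the loop, `cwd = os.path.join(os.path.realpath(os.getcwd()), '')`, and test `if not os.path.realpath(file).startswith(cwd): continue`, which anchors the comparison on a path-separator boundary. The body of `side_effect` continues past the end of both hunks, so the `except OSError:` handling is not visible here.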