
TAR support, archive security hardening, GUI — v1.0.0 #5

Merged: stark4n6 merged 3 commits into stark4n6:main from Mipa97:main on Jun 23, 2026

@Mipa97 Mipa97 commented Jun 19, 2026

Contributor

SQLiteWalker v1.0.0

TAR Archive Support

  • Added support for .tar, .tar.gz, and .tgz archives alongside existing .zip support.
  • Implemented streaming read mode (r|*) to avoid full archive decompression into memory.
  • WAL/SHM files are now extracted from TAR archives the same way as ZIP archives.

Archive Security Hardening

  • Blocked absolute paths (/etc/passwd, C:\Windows\...) during extraction.
  • Prevented directory traversal attacks (../../secret).
  • Added post-sanitization commonpath() validation as a second defence layer.
  • Disabled TAR hard links and symlinks to prevent unsafe extraction.
  • Sanitized Windows reserved device names (CON, NUL, COM*, LPT*).
  • Replaced illegal filename characters and removed trailing spaces/dots.

New GUI

  • Added a tkinter interface with no extra dependencies.
  • Added Folder / ZIP / TAR source selection and browser dialogs.
  • Added live logging for databases, WALs, SHMs, and errors.
  • Added deterministic progress tracking with pre-counted files.
  • Added status bar statistics for DBs, WALs, SHMs, and errors.
  • Added one-click Open Output after scan completion.
  • Added custom embedded icon and cross-platform font selection.
  • Added scanning to a worker thread to keep the UI responsive.
  • Added application icon and logo.

Fixes & Improvements

  • Fixed output folder trailing-separator issue affecting Linux/macOS.
  • Added collision-safe output folders (-001, -002, etc.).
  • Added collision-safe extraction for duplicate archive filenames.
  • Moved SQLITE_MAGIC to a module-level constant.
  • Added export output in SQLiteDB format.
  • Added rel == "." guard to prevent incorrect root-level paths.

Testing

  • All integration tests passing:
    • Folder scanning
    • ZIP archives
    • TAR archives
    • Security checks
    • Collision handling
    • Symlink protection

Mipa97 added 3 commits June 19, 2026 10:47
# --- TAR support ---
- Added .tar / .tar.gz / .tgz input support (streaming r|* mode)

# --- Archive security ---
- Block absolute paths and directory traversal at extraction time
- Double-check resolved path stays inside dest with commonpath()
- Block TAR hard links and symlinks unconditionally
- Sanitize Windows reserved names (CON/NUL/COM*/LPT*) and illegal chars

# --- GUI (SQLiteWalkerGUI.py) ---
- New tkinter GUI, no extra dependencies
- Live log panel, progress bar, stat pills, Open Output button
- Cross OS support

# --- Fixes ---
- Collision-safe output folders and extracted filenames (-001, -002...)

Adjustments on the main Python file and merge of GUI code into it to make SQLiteWalker into one portable Python file. Added icon to the application.
@Mipa97 Mipa97 changed the title from "TAR support, archive security hardening, GUI — v0.6.0" to "TAR support, archive security hardening, GUI — v1.0.0" Jun 23, 2026
@stark4n6 stark4n6 merged commit 7b24dc7 into stark4n6:main Jun 23, 2026
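
The extraction checks listed under "Archive Security Hardening", sketched as an added example; this is not SQLiteWalker's code or part of the pull request. The function names, the choice to reject rather than rewrite unsafe paths, the `_` prefix for reserved names and the in-memory sample archive are assumptions made for illustration.

```python
import io, os, re, shutil, tarfile, tempfile

RESERVED = re.compile(r"^(CON|PRN|AUX|NUL|COM\d|LPT\d)(\..*)?$", re.I)
ILLEGAL = re.compile(r'[<>:"|?*\x00-\x1f]')

def safe_target(dest, member_name):
    """Map an archive member name to a path inside dest, or None to reject it."""
    name = member_name.replace("\\", "/")
    parts = [p for p in name.split("/") if p not in ("", ".")]
    absolute = name.startswith("/") or re.match(r"[A-Za-z]:", name)
    if absolute or not parts or ".." in parts:
        return None  # absolute path, drive letter, or directory traversal
    clean = []
    for part in parts:
        part = ILLEGAL.sub("_", part).rstrip(" .") or "_"
        clean.append("_" + part if RESERVED.match(part) else part)
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, *clean))
    return target if os.path.commonpath([root, target]) == root else None  # 2nd layer

def extract_tar_stream(fileobj, dest):
    """Extract regular files from a TAR stream; return (extracted, rejected) names."""
    extracted, rejected = [], []
    with tarfile.open(fileobj=fileobj, mode="r|*") as tar:  # streaming, no seeking
        for member in tar:
            if member.isdir():
                continue
            target = safe_target(dest, member.name) if member.isfile() else None
            if target is None:  # symlinks, hard links, devices, unsafe names
                rejected.append(member.name)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as out:
                shutil.copyfileobj(src, out)
            extracted.append(os.path.relpath(target, os.path.realpath(dest)))
    return extracted, rejected

def demo():
    """Build a constructed hostile archive in memory and extract it to a temp dir."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("db/app.sqlite", "../../secret", "/etc/passwd", "NUL.db"):
            info = tarfile.TarInfo(name)
            info.size = 4
            tar.addfile(info, io.BytesIO(b"data"))
        link = tarfile.TarInfo("db/link")
        link.type, link.linkname = tarfile.SYMTYPE, "/etc/passwd"
        tar.addfile(link)
    with tempfile.TemporaryDirectory() as dest:
        return extract_tar_stream(io.BytesIO(buf.getvalue()), dest)
```

In streaming mode each member has to be read before the iterator advances, which is why the copy happens inside the loop rather than after collecting names.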