Version: [5434] GeoGenie 1.0.1

Replaced every extractall() call — in the plugin (analyzer.py,
sar_flood.py) and in the generated pipeline scripts
(pipeline_manager.py) — with safe member-by-member extraction that:

- Computes where each member would be written and checks (via
  os.path.realpath + os.path.commonpath) that it stays inside the target
  directory.
- Raises ValueError on any member that would escape — before writing
  anything.
- Extracts members individually with .extract() instead of
  .extractall(), so the syntactic Bandit rule has nothing to flag.
- For tar on Python 3.12+, also applies the stdlib filter="data" as
  defense-in-depth.
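
An added example, not GeoGenie's own code, of the member-by-member extraction this changelog describes: every member is validated with os.path.realpath + os.path.commonpath, ValueError is raised before anything is written, and members are then extracted one at a time. The function names, the link-target check (which the changelog does not mention) and the sample archive are assumptions of this example.

```python
import io
import os
import tarfile
import tempfile
import zipfile

def check_inside(dest, name):
    """Raise ValueError if `name` would be written outside `dest`."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"archive member escapes target directory: {name!r}")

def safe_extract_zip(archive, dest):
    with zipfile.ZipFile(archive) as zf:
        names = zf.namelist()
        for name in names:            # validate every member first ...
            check_inside(dest, name)
        for name in names:            # ... so a bad archive writes nothing
            zf.extract(name, dest)
    return names

def safe_extract_tar(archive, dest):
    with tarfile.open(archive) as tf:
        members = tf.getmembers()
        for m in members:
            check_inside(dest, m.name)
            if m.issym() or m.islnk():    # assumption: link targets must stay inside too
                base = os.path.dirname(m.name) if m.issym() else ""
                check_inside(dest, os.path.join(base, m.linkname))
        # filter="data" ships with 3.12 and some security backports: feature-detect it
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        for m in members:
            tf.extract(m, dest, **extra)
    return [m.name for m in members]

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        archive, dest = os.path.join(tmp, "sample.tar"), os.path.join(tmp, "out")
        os.mkdir(dest)
        with tarfile.open(archive, "w") as tf:
            for name in ("data/ok.txt", "../evil.txt"):   # constructed sample members
                info = tarfile.TarInfo(name)
                info.size = 2
                tf.addfile(info, io.BytesIO(b"hi"))
        try:
            safe_extract_tar(archive, dest)
        except ValueError as exc:     # expected: rejected before any write
            return str(exc), os.listdir(dest)
```

Calling demo() returns the rejection message together with the listing of the target directory, which stays empty because the benign member is not written either.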

yes

kodeezabdullah

2026-06-11T17:15:14.471766+00:00

3.28.0

4.99.0

None

no
