From 503408a1a09eec037f281ff2481a2a5684aa01ab Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Wed, 6 Dec 2023 14:58:33 +0100
Subject: [PATCH] Fix link target generation for collection test

The link_target was generated only using the extract_dir and the
linkname, but without the directory path that contains the link. Therefore
the link_target could be outside of extract_dir.

No-Issue

Signed-off-by: Thomas Woerner <twoerner@redhat.com>
---
 galaxy_importer/collection.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/galaxy_importer/collection.py b/galaxy_importer/collection.py
index 4605a2a0..8bda1316 100644
--- a/galaxy_importer/collection.py
+++ b/galaxy_importer/collection.py
@@ -165,7 +165,9 @@ def _extract_archive(fileobj, extract_dir):
                 raise exc.ImporterError("Invalid file paths detected.")
             if item.linkname:
                 # Ensure the link target is within the extraction root
-                link_target = os.path.normpath(os.path.join(extract_dir, item.linkname))
+                link_target = os.path.normpath(
+                    os.path.join(extract_dir, os.path.dirname(item.name), item.linkname)
+                )
                 if not link_target.startswith(os.path.abspath(extract_dir)):
                     raise exc.ImporterError("Invalid link target detected.")
         tf.extractall(extract_dir)