Add check for symlink in _safe_extract (#11611)

Signed-off-by: Abhishree <[email protected]>

nemo/core/connectors/save_restore_connector.py

@@ -601,7 +601,12 @@ def _is_safe_path(member, extract_to):
         # Construct the full path where the member would be extracted
         full_path = os.path.join(extract_to, member_path)
         # Ensure the member would be extracted within the intended directory
-        return os.path.commonprefix([full_path, extract_to]) == extract_to
+        if os.path.commonprefix([full_path, extract_to]) != extract_to:
+            return False
+        # Check if the member is a symbolic link
+        if member.issym() or member.islnk():
+            return False
+        return True
 
     @staticmethod
     def _safe_extract(tar, out_folder: str, members=None):