How are parent directories in archives handled? #10

Open
wolph opened this issue Sep 8, 2015 · 0 comments
wolph commented Sep 8, 2015

It's a common security issue with many archive packages that if the path within the archive is specified as ../../../something.txt you can accidentally overwrite files outside of your working directory.

Does this library protect against that? If not, how can I manually specify where to write the output?

With the zipfile library I generally solve it like this:

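```python
import os
import shutil
import zipfile


def sanitize_path(path):
    # Anchor the name at '/' so normpath collapses any leading '../'
    # components, then strip the slash to get a relative path again.
    return os.path.normpath('/' + path).lstrip('/')


zip_filename = 'archive.zip'  # placeholder: the archive to extract
target_directory = 'something/'

with zipfile.ZipFile(zip_filename, 'r') as zip_fh:
    for name in zip_fh.namelist():
        clean_name = sanitize_path(name)
        extract_to = os.path.join(target_directory, clean_name)

        if name.endswith('/'):
            # Directory entry: create it and move on.
            os.makedirs(extract_to, exist_ok=True)
            continue

        # Write the member to the sanitized path. ZipFile.extract() treats
        # its second argument as a directory and appends the name again.
        os.makedirs(os.path.dirname(extract_to), exist_ok=True)
        with zip_fh.open(name) as src, open(extract_to, 'wb') as dst:
            shutil.copyfileobj(src, dst)
```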
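An alternative to rewriting member names, as an added example that is not part of the post above and not this library's code: resolve each destination and reject any member that would land outside the target directory. The function names and the sample member names are assumptions made for the illustration, and the archive is constructed in memory.

```python
import io
import os
import zipfile


def resolve_member(target_directory, member_name):
    """Return the absolute path a member would be written to, or None if
    that path falls outside target_directory."""
    root = os.path.realpath(target_directory)
    # Conservative choice: treat backslashes as separators too, so names
    # built on Windows are judged the same way on every platform.
    relative = member_name.replace('\\', '/')
    candidate = os.path.realpath(os.path.join(root, relative))
    # commonpath compares whole components, so a sibling such as
    # 'something-else' is not mistaken for being inside 'something'.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def audit_archive(zip_fh, target_directory):
    """Split member names into (safe, rejected) without writing anything."""
    safe, rejected = [], []
    for name in zip_fh.namelist():
        if resolve_member(target_directory, name) is None:
            rejected.append(name)
        else:
            safe.append(name)
    return safe, rejected


def build_sample_archive():
    """Constructed sample: an in-memory zip with hostile and benign names."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, 'w') as zip_fh:
        for name in ('docs/readme.txt', '../../../something.txt',
                     '/etc/something.txt', 'docs/../../something.txt',
                     'docs/../notes.txt'):
            zip_fh.writestr(name, b'constructed sample data')
    buffer.seek(0)
    return buffer


if __name__ == '__main__':
    with zipfile.ZipFile(build_sample_archive()) as zip_fh:
        safe, rejected = audit_archive(zip_fh, 'something/')
    print('safe:', safe)
    print('rejected:', rejected)
```

Running the audit before extraction lets the caller refuse the whole archive when `rejected` is non-empty instead of silently relocating hostile entries.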