#4871: check that zipfile password is bytes, and give useful error message.

Previously passing a string in as the password would fail either with an assertion error or a TypeError with a confusing error message. Note that a string can't be accepted since zipfile has no way to guess what encoding should be used to turn it into bytes. Patch by Victor Stinner.
2010-12-21 21:53:37 +00:00 · 2010-12-21 21:53:37 +00:00 · 8d855d8304
parent 7f8f41808b
commit 8d855d8304
3 changed files with 19 additions and 4 deletions
--- a/Lib/test/test_zipfile.py
+++ b/Lib/test/test_zipfile.py
@ -1089,6 +1089,12 @@ class DecryptionTests(unittest.TestCase):
        self.zip2.setpassword(b"12345")
        self.assertEqual(self.zip2.read("zero"), self.plain2)

+    def test_unicode_password(self):
+        self.assertRaises(TypeError, self.zip.setpassword, "unicode")
+        self.assertRaises(TypeError, self.zip.read, "test.txt", "python")
+        self.assertRaises(TypeError, self.zip.open, "test.txt", pwd="python")
+        self.assertRaises(TypeError, self.zip.extract, "test.txt", pwd="python")
+

 class TestsWithRandomBinaryFiles(unittest.TestCase):
    def setUp(self):
--- a/Lib/zipfile.py
+++ b/Lib/zipfile.py
@ -877,8 +877,12 @@ class ZipFile:

    def setpassword(self, pwd):
        """Set default password for encrypted files."""
-        assert isinstance(pwd, bytes)
-        self.pwd = pwd
+        if pwd and not isinstance(pwd, bytes):
+            raise TypeError("pwd: expected bytes, got %s" % type(pwd))
+        if pwd:
+            self.pwd = pwd
+        else:
+            self.pwd = None

    def read(self, name, pwd=None):
        """Return file bytes (as a string) for name."""
@ -889,6 +893,8 @@ class ZipFile:
        """Return file-like object for 'name'."""
        if mode not in ("r", "U", "rU"):
            raise RuntimeError('open() requires mode "r", "U", or "rU"')
+        if pwd and not isinstance(pwd, bytes):
+            raise TypeError("pwd: expected bytes, got %s" % type(pwd))
        if not self.fp:
            raise RuntimeError(
                  "Attempt to read ZIP archive that was already closed")
@ -949,8 +955,8 @@ class ZipFile:
            #  completely random, while the 12th contains the MSB of the CRC,
            #  or the MSB of the file time depending on the header type
            #  and is used to check the correctness of the password.
-            bytes = zef_file.read(12)
-            h = list(map(zd, bytes[0:12]))
+            header = zef_file.read(12)
+            h = list(map(zd, header[0:12]))
            if zinfo.flag_bits & 0x8:
                # compare against the file type from extended local headers
                check_byte = (zinfo._raw_time >> 8) & 0xff
--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -11,6 +11,9 @@ Core and Builtins
 Library
 -------

+- Issue #4871: The zipfile module now gives a more useful error message if
+  an attempt is made to use a string to specify the archive password.
+
 - Issue #10750: The ``raw`` attribute of buffered IO objects is now read-only.

 - Deprecated assertDictContainsSubclass() in the unittest module.