Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

#4871: check that zipfile password is bytes, and give useful error message. 

Previously passing a string in as the password would fail either with
an assertion error or a TypeError with a confusing error message.
Note that a string can't be accepted since zipfile has no way to
guess what encoding should be used to turn it into bytes.

Patch by Victor Stinner.
This commit is contained in:
R. David Murray 2010-12-21 21:53:37 +00:00
parent 7f8f41808b
commit 8d855d8304
3 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Lib/test/test_zipfile.py
View File

@ -1089,6 +1089,12 @@ class DecryptionTests(unittest.TestCase):
self.zip2.setpassword(b"12345") self.zip2.setpassword(b"12345")
self.assertEqual(self.zip2.read("zero"), self.plain2) self.assertEqual(self.zip2.read("zero"), self.plain2)
def test_unicode_password(self):
self.assertRaises(TypeError, self.zip.setpassword, "unicode")
self.assertRaises(TypeError, self.zip.read, "test.txt", "python")
self.assertRaises(TypeError, self.zip.open, "test.txt", pwd="python")
self.assertRaises(TypeError, self.zip.extract, "test.txt", pwd="python")
class TestsWithRandomBinaryFiles(unittest.TestCase): class TestsWithRandomBinaryFiles(unittest.TestCase):
def setUp(self): def setUp(self):

14
Lib/zipfile.py
View File

@ -877,8 +877,12 @@ class ZipFile:
def setpassword(self, pwd): def setpassword(self, pwd):
"""Set default password for encrypted files.""" """Set default password for encrypted files."""
assert isinstance(pwd, bytes) if pwd and not isinstance(pwd, bytes):
self.pwd = pwd raise TypeError("pwd: expected bytes, got %s" % type(pwd))
if pwd:
self.pwd = pwd
else:
self.pwd = None
def read(self, name, pwd=None): def read(self, name, pwd=None):
"""Return file bytes (as a string) for name.""" """Return file bytes (as a string) for name."""
@ -889,6 +893,8 @@ class ZipFile:
"""Return file-like object for 'name'.""" """Return file-like object for 'name'."""
if mode not in ("r", "U", "rU"): if mode not in ("r", "U", "rU"):
raise RuntimeError('open() requires mode "r", "U", or "rU"') raise RuntimeError('open() requires mode "r", "U", or "rU"')
if pwd and not isinstance(pwd, bytes):
raise TypeError("pwd: expected bytes, got %s" % type(pwd))
if not self.fp: if not self.fp:
raise RuntimeError( raise RuntimeError(
"Attempt to read ZIP archive that was already closed") "Attempt to read ZIP archive that was already closed")
@ -949,8 +955,8 @@ class ZipFile:
# completely random, while the 12th contains the MSB of the CRC, # completely random, while the 12th contains the MSB of the CRC,
# or the MSB of the file time depending on the header type # or the MSB of the file time depending on the header type
# and is used to check the correctness of the password. # and is used to check the correctness of the password.
bytes = zef_file.read(12) header = zef_file.read(12)
h = list(map(zd, bytes[0:12])) h = list(map(zd, header[0:12]))
if zinfo.flag_bits & 0x8: if zinfo.flag_bits & 0x8:
# compare against the file type from extended local headers # compare against the file type from extended local headers
check_byte = (zinfo._raw_time >> 8) & 0xff check_byte = (zinfo._raw_time >> 8) & 0xff

3
Misc/NEWS
View File

@ -11,6 +11,9 @@ Core and Builtins
Library Library
------- -------
- Issue #4871: The zipfile module now gives a more useful error message if
an attempt is made to use a string to specify the archive password.
- Issue #10750: The ``raw`` attribute of buffered IO objects is now read-only. - Issue #10750: The ``raw`` attribute of buffered IO objects is now read-only.
- Deprecated assertDictContainsSubclass() in the unittest module. - Deprecated assertDictContainsSubclass() in the unittest module.