Commit Graph

19 Commits

Author SHA1 Message Date
Cody Maloney 556dc9b8a7
gh-113977, gh-120754: Remove unbounded reads from zipfile (GH-122101)
GH-113977, GH-120754: Remove unbounded reads from zipfile

Read without a size may read an unbounded amount of data + allocate
unbounded size buffers. Move to capped size reads to prevent potential
issues.

Co-authored-by: Daniel Hillier <daniel.hillier@gmail.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
2024-11-02 22:28:51 -07:00
Geoffrey Thomas ef172521a9
Remove almost all unpaired backticks in docstrings (#119231)
As reported in #117847 and #115366, an unpaired backtick in a docstring
tends to confuse e.g. Sphinx running on subclasses of standard library
objects, and the typographic style of using a backtick as an opening
quote is no longer in favor. Convert almost all uses of the form

    The variable `foo' should do xyz

to

    The variable 'foo' should do xyz

and also fix up miscellaneous other unpaired backticks (extraneous /
missing characters).

No functional change is intended here other than in human-readable
docstrings.
2024-05-22 12:35:18 -04:00
Serhiy Storchaka 51ef89cd9a
gh-115961: Add name and mode attributes for compressed file-like objects (GH-116036)
* Add name and mode attributes for compressed and archived file-like objects
  in modules bz2, lzma, tarfile and zipfile.
* Change the value of the mode attribute of GzipFile from integer (1 or 2)
  to string ('rb' or 'wb').
* Change the value of the mode attribute of ZipExtFile from 'r' to 'rb'.
2024-04-21 11:46:39 +03:00
Deborah a32d693948
gh-102190: Add additional zipfile `pwd=` arg docstrings (gh-102195)
This just documents the parameter that already exists.

---------

Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
2024-03-31 20:11:48 +00:00
Serhiy Storchaka 567ab3bd15
gh-117084: Fix ZIP file extraction for directory entry names with backslashes on Windows (GH-117129) 2024-03-22 20:08:00 +02:00
Serhiy Storchaka 5d2794a16b
gh-67837, gh-112998: Fix dirs creation in concurrent extraction (GH-115082)
Avoid race conditions in the creation of directories during concurrent
extraction in tarfile and zipfile.

Co-authored-by: Samantha Hughes <shughes-uk@users.noreply.github.com>
Co-authored-by: Peder Bergebakken Sundt <pbsds@hotmail.com>
2024-02-11 12:38:07 +02:00
Gregory P. Smith b44b9d9900
gh-113971: Make `zipfile.ZipInfo._compresslevel` public as `.compress_level` (#113969)
Make zipfile.ZipInfo.compress_level public.

A property is used to retain the behavior of the ._compresslevel.

People constructing zipfile.ZipInfo instances to pass into existing APIs to control per-file compression levels already treat this as public, there was never a reason for it not to be.

I used the more modern name compress_level instead of compresslevel as the keyword argument on other ZipFile APIs is called to be consistent with compress_type and a general long term preference of not runningwordstogether without a separator in names.
2024-01-12 20:15:05 +00:00
Serhiy Storchaka 66363b9a7b
gh-109858: Protect zipfile from "quoted-overlap" zipbomb (GH-110016)
Raise BadZipFile when try to read an entry that overlaps with other entry or
central directory.
2024-01-10 15:55:36 +02:00
AN Long 541c5dbb81
gh-112795: Allow `/` folder in a zipfile (#112932)
Allow extraction (no-op) of a "/" folder in a zipfile, they are commonly added by some archive creation tools.

Co-authored-by: Erlend E. Aasland <erlend@python.org>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
2024-01-07 01:14:18 +00:00
Shantanu 29e6c7b68a
gh-112578: Fix RuntimeWarning when running zipfile (GH-112579) 2023-12-03 13:09:29 +02:00
Jokimax c73b0f3560
gh-102956: Fix returning of empty byte strings after seek in zipfile … (#103565)
gh-102956: Fix returning of empty byte strings after seek in zipfile module. This was a regression in 3.12.0 due to a performance enhancement.
2023-10-24 21:15:42 +00:00
Kirill Podoprigora 4110cfec12
gh-110715: Add missing import in zipfile (gh-110822) 2023-10-14 16:17:47 +09:00
Jason R. Coombs e9791ba351
gh-88233: zipfile: refactor _strip_extra (#102084)
* Refactor zipfile._strip_extra to use higher level abstractions for extras instead of a heavy-state loop.

* Add blurb

* Remove _strip_extra and use _Extra.strip directly.

* Use memoryview to avoid unnecessary copies while splitting Extras.
2023-09-25 19:46:58 -04:00
Carey Metcalfe 798bcaa1eb
gh-103861: Fix Zip64 extensions not being properly applied in some cases (#103863)
Fix Zip64 extensions not being properly applied in some cases:

Fixes an issue where adding a small file to a `ZipFile`
object while forcing zip64 extensions causes an extra Zip64 record to be
added to the zip, but doesn't update the `min_version` or file sizes in
the primary central directory header.

Also fixed an edge case in checking if zip64 extensions are required:

This fixes an issue where if data requiring zip64 extensions was added
to an unseekable stream without specifying `force_zip64=True`, zip64
extensions would not be used and a RuntimeError would not be raised when
closing the file (even though the size would be known at that point).
This would result in successfully writing corrupt zip files.

Deciding if zip64 extensions are required outside of the `FileHeader`
function means that both `FileHeader` and `_ZipWriteFile` will always be
in sync. Previously, the `FileHeader` function could enable zip64
extensions without propagating that decision to the `_ZipWriteFile`
class, which would then not correctly write the data descriptor record
or check for errors on close.

If anyone is actually using `ZipInfo.FileHeader` as a public API without
explicitly passing True or False in for zip64, their own code may still be
susceptible to that kind of bug unless they make a similar change to
where the zip64 decision happens.

Fixes #103861

---------

Co-authored-by: Gregory P. Smith <greg@krypto.org>
2023-05-16 00:43:44 -07:00
Carey Metcalfe 4abfe6a14b
GH-92184: Convert os.altsep to '/' in filenames when creating ZipInfo objects (#92185)
This causes the zipfile module to also consider the character defined by
`os.altsep` (if there is one) to be a path separator and convert it to a
forward slash, as defined by the zip specification.

A logical no-op on all known platforms today as os.altsep is currently only set to a meaningful value on Windows (where it is "/").
2023-05-11 07:25:16 +00:00
Yeojin Kim 8f70b16e33
gh-86094: Add support for Unicode Path Extra Field in ZipFile (gh-102566) 2023-04-05 20:54:48 +09:00
Tim Hatch 59e86caca8
gh-88233: zipfile: handle extras after a zip64 extra (GH-96161)
Previously, any data _after_ the zip64 extra would be removed.

With many new tests.

Fixes #88233

Automerge-Triggered-By: GH:jaraco
2023-02-20 09:07:03 -08:00
dmjohnsson23 59665d0280
Improve zip64 limit error message (#95892) 2022-11-30 16:44:41 +05:30
Jason R. Coombs 7796d3179b
gh-98098: Create packages from zipfile and test_zipfile (gh-98103)
* gh-98098: Move zipfile into a package.

* Moved test_zipfile to a package

* Extracted module for test_path.

* Add blurb

* Add jaraco as owner of zipfile.Path.

* Synchronize with minor changes found at jaraco/zipp@d9e7f4352d.
2022-11-26 09:44:13 -05:00