Preserve backslashes in malicious zip files for testing issue #6972.

2013-02-02 18:34:57 +02:00 · 2013-02-02 18:34:57 +02:00 · 05fd744122
parent eff492f4b7
commit 05fd744122
1 changed files with 6 additions and 1 deletions
--- a/Lib/test/test_zipfile.py
+++ b/Lib/test/test_zipfile.py
@ -461,12 +461,17 @@ class TestsWithSourceFile(unittest.TestCase):
            hacknames.extend([
                ('//foo/bar', 'foo/bar'),
                ('../../foo../../ba..r', 'foo../ba..r'),
+                (r'foo/..\bar', r'foo/..\bar'),
            ])

        for arcname, fixedname in hacknames:
            content = b'foobar' + arcname.encode()
            with zipfile.ZipFile(TESTFN2, 'w', zipfile.ZIP_STORED) as zipfp:
-                zipfp.writestr(arcname, content)
+                zinfo = zipfile.ZipInfo()
+                # preserve backslashes
+                zinfo.filename = arcname
+                zinfo.external_attr = 0o600 << 16
+                zipfp.writestr(zinfo, content)

            targetpath = os.path.join('target', 'subdir', 'subsub')
            correctfile = os.path.join(targetpath, *fixedname.split('/'))