#4871: check that zipfile password is bytes, and give useful error message.
Previously passing a string in as the password would fail either with an assertion error or a TypeError with a confusing error message. Note that a string can't be accepted since zipfile has no way to guess what encoding should be used to turn it into bytes. Patch by Victor Stinner.
This commit is contained in:
parent
7f8f41808b
commit
8d855d8304
|
@ -1089,6 +1089,12 @@ class DecryptionTests(unittest.TestCase):
|
|||
self.zip2.setpassword(b"12345")
|
||||
self.assertEqual(self.zip2.read("zero"), self.plain2)
|
||||
|
||||
def test_unicode_password(self):
|
||||
self.assertRaises(TypeError, self.zip.setpassword, "unicode")
|
||||
self.assertRaises(TypeError, self.zip.read, "test.txt", "python")
|
||||
self.assertRaises(TypeError, self.zip.open, "test.txt", pwd="python")
|
||||
self.assertRaises(TypeError, self.zip.extract, "test.txt", pwd="python")
|
||||
|
||||
|
||||
class TestsWithRandomBinaryFiles(unittest.TestCase):
|
||||
def setUp(self):
|
||||
|
|
|
@ -877,8 +877,12 @@ class ZipFile:
|
|||
|
||||
def setpassword(self, pwd):
|
||||
"""Set default password for encrypted files."""
|
||||
assert isinstance(pwd, bytes)
|
||||
self.pwd = pwd
|
||||
if pwd and not isinstance(pwd, bytes):
|
||||
raise TypeError("pwd: expected bytes, got %s" % type(pwd))
|
||||
if pwd:
|
||||
self.pwd = pwd
|
||||
else:
|
||||
self.pwd = None
|
||||
|
||||
def read(self, name, pwd=None):
|
||||
"""Return file bytes (as a string) for name."""
|
||||
|
@ -889,6 +893,8 @@ class ZipFile:
|
|||
"""Return file-like object for 'name'."""
|
||||
if mode not in ("r", "U", "rU"):
|
||||
raise RuntimeError('open() requires mode "r", "U", or "rU"')
|
||||
if pwd and not isinstance(pwd, bytes):
|
||||
raise TypeError("pwd: expected bytes, got %s" % type(pwd))
|
||||
if not self.fp:
|
||||
raise RuntimeError(
|
||||
"Attempt to read ZIP archive that was already closed")
|
||||
|
@ -949,8 +955,8 @@ class ZipFile:
|
|||
# completely random, while the 12th contains the MSB of the CRC,
|
||||
# or the MSB of the file time depending on the header type
|
||||
# and is used to check the correctness of the password.
|
||||
bytes = zef_file.read(12)
|
||||
h = list(map(zd, bytes[0:12]))
|
||||
header = zef_file.read(12)
|
||||
h = list(map(zd, header[0:12]))
|
||||
if zinfo.flag_bits & 0x8:
|
||||
# compare against the file type from extended local headers
|
||||
check_byte = (zinfo._raw_time >> 8) & 0xff
|
||||
|
|
|
@ -11,6 +11,9 @@ Core and Builtins
|
|||
Library
|
||||
-------
|
||||
|
||||
- Issue #4871: The zipfile module now gives a more useful error message if
|
||||
an attempt is made to use a string to specify the archive password.
|
||||
|
||||
- Issue #10750: The ``raw`` attribute of buffered IO objects is now read-only.
|
||||
|
||||
- Deprecated assertDictContainsSubclass() in the unittest module.
|
||||
|
|
Loading…
Reference in New Issue