https://github.com/python/cpython/commit/a3990df6121880e8c67824a101bb1316de232898
commit: a3990df6121880e8c67824a101bb1316de232898
branch: main
author: Affan Shaikhsurab <51104750+affanshaikhsu...@users.noreply.github.com>
committer: jaraco <jar...@jaraco.com>
date: 2025-03-08T16:37:05-05:00
summary:
gh-123726: Document caveats of zipfile.Path around name sanitization (#130537)
Add a note to the `zipfile.Path` class documentation clarifying that it does
not sanitize filenames. This emphasizes the caller's responsibility to validate
or sanitize inputs, especially when handling untrusted ZIP archives, to prevent
path traversal vulnerabilities. The note also references the `extract` and
`extractall` methods for comparison and suggests using `os.path.abspath` and
`os.path.commonpath` for safe filename resolution.
files:
M Doc/library/zipfile.rst
diff --git a/Doc/library/zipfile.rst b/Doc/library/zipfile.rst
index afe1cd5c75fcbb..0e6439f75334e9 100644
--- a/Doc/library/zipfile.rst
+++ b/Doc/library/zipfile.rst
@@ -554,6 +554,14 @@ Path Objects
e.g. 'dir/file.txt', 'dir/', or ''. Defaults to the empty string,
indicating the root.
+ .. note::
+ The :class:`Path` class does not sanitize filenames within the ZIP
archive. Unlike
+ the :meth:`ZipFile.extract` and :meth:`ZipFile.extractall` methods, it
is the
+ caller's responsibility to validate or sanitize filenames to prevent
path traversal
+ vulnerabilities (e.g., filenames containing ".." or absolute paths).
When handling
+ untrusted archives, consider resolving filenames using
:func:`os.path.abspath`
+ and checking against the target directory with
:func:`os.path.commonpath`.
+
Path objects expose the following features of :mod:`pathlib.Path`
objects:
_______________________________________________
Python-checkins mailing list -- python-checkins@python.org
To unsubscribe send an email to python-checkins-le...@python.org
https://mail.python.org/mailman3/lists/python-checkins.python.org/
Member address: arch...@mail-archive.com
