[issue20749] shutil.unpack_archive(): security concerns not documented

2021-10-22 Thread swenson
Change by swenson : -- keywords: +patch nosy: +swenson nosy_count: 3.0 -> 4.0 pull_requests: +27458 stage: needs patch -> patch review pull_request: https://github.com/python/cpython/pull/29184 ___ Python tracker

[issue20749] shutil.unpack_archive(): security concerns not documented

2021-05-21 Thread Ned Deily
Ned Deily added the comment: The warning from Tarfile.extractall (Doc/library/tarfile.rst -> https://docs.python.org/dev/library/tarfile.html#tarfile-objects) can be adapted for use here (Doc/library/shutil.rst -> https://docs.python.org/dev/library/shutil.html#archiving-operations).

[issue20749] shutil.unpack_archive(): security concerns not documented

2019-03-15 Thread Mark Lawrence
Change by Mark Lawrence : -- nosy: -BreamoreBoy ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue20749] shutil.unpack_archive(): security concerns not documented

2015-05-03 Thread Mark Lawrence
Mark Lawrence added the comment: If there is an agreed standard for security warnings I'll prepare a patch for this. -- nosy: +BreamoreBoy versions: +Python 3.5 -Python 3.3 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20749

[issue20749] shutil.unpack_archive(): security concerns not documented

2014-02-24 Thread Antoine Pitrou
Changes by Antoine Pitrou pit...@free.fr: -- stage: - needs patch type: - behavior versions: +Python 2.7, Python 3.3, Python 3.4 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20749 ___

[issue20749] shutil.unpack_archive(): security concerns not documented

2014-02-23 Thread Jakub Wilk
New submission from Jakub Wilk: shutil.unpack_archive() uses tarfile.extractall() under the hood, so it's not suitable for unpacking untrusted archives. But this fact is not documented. Please add a security warning to shutil.unpack_archive() documentation. -- assignee: docs@python