Skip to content

C
cpython
Kaydet (Commit) 05fd7441 authored tarafından Serhiy Storchaka's avatar Serhiy Storchaka
Dosyalara gözat
Seçenekler

Preserve backslashes in malicious zip files for testing issue #6972.

üst eff492f4
Hide whitespace changes
Inline Side-by-side
Showing with 6 additions and 1 deletion
Lib/test/test_zipfile.py
Dosyayı görüntüle @ 05fd7441
...@@ -461,12 +461,17 @@ class TestsWithSourceFile(unittest.TestCase): ...@@ -461,12 +461,17 @@ class TestsWithSourceFile(unittest.TestCase):
hacknames.extend([ hacknames.extend([
('//foo/bar', 'foo/bar'), ('//foo/bar', 'foo/bar'),
('../../foo../../ba..r', 'foo../ba..r'), ('../../foo../../ba..r', 'foo../ba..r'),
(r'foo/..\bar', r'foo/..\bar'),
]) ])
for arcname, fixedname in hacknames: for arcname, fixedname in hacknames:
content = b'foobar' + arcname.encode() content = b'foobar' + arcname.encode()
with zipfile.ZipFile(TESTFN2, 'w', zipfile.ZIP_STORED) as zipfp: with zipfile.ZipFile(TESTFN2, 'w', zipfile.ZIP_STORED) as zipfp:
zipfp.writestr(arcname, content) zinfo = zipfile.ZipInfo()
# preserve backslashes
zinfo.filename = arcname
zinfo.external_attr = 0o600 << 16
zipfp.writestr(zinfo, content)
targetpath = os.path.join('target', 'subdir', 'subsub') targetpath = os.path.join('target', 'subdir', 'subsub')
correctfile = os.path.join(targetpath, *fixedname.split('/')) correctfile = os.path.join(targetpath, *fixedname.split('/'))
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment