mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-27 10:50:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

Preserve backslashes in malicious zip files for testing issue #6972.

Browse source
This commit is contained in:
Serhiy Storchaka 2013-02-02 18:34:57 +02:00
parent eff492f4b7
commit 05fd744122
1 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Lib/test/test_zipfile.py
View file

@ -461,12 +461,17 @@ class TestsWithSourceFile(unittest.TestCase):
hacknames.extend([ hacknames.extend([
('//foo/bar', 'foo/bar'), ('//foo/bar', 'foo/bar'),
('../../foo../../ba..r', 'foo../ba..r'), ('../../foo../../ba..r', 'foo../ba..r'),
(r'foo/..\bar', r'foo/..\bar'),
]) ])
for arcname, fixedname in hacknames: for arcname, fixedname in hacknames:
content = b'foobar' + arcname.encode() content = b'foobar' + arcname.encode()
with zipfile.ZipFile(TESTFN2, 'w', zipfile.ZIP_STORED) as zipfp: with zipfile.ZipFile(TESTFN2, 'w', zipfile.ZIP_STORED) as zipfp:
zipfp.writestr(arcname, content) zinfo = zipfile.ZipInfo()
# preserve backslashes
zinfo.filename = arcname
zinfo.external_attr = 0o600 << 16
zipfp.writestr(zinfo, content)
targetpath = os.path.join('target', 'subdir', 'subsub') targetpath = os.path.join('target', 'subdir', 'subsub')
correctfile = os.path.join(targetpath, *fixedname.split('/')) correctfile = os.path.join(targetpath, *fixedname.split('/'))