Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-02-13 19:04:37 +00:00
Code Issues Projects Releases Packages Wiki Activity

gh-91783: Document security considerations for shutil.unpack_archive (GH-91844)

Browse source 
(cherry picked from commit 4b297a9ffd)

Co-authored-by: Sam Ezeh <sam.z.ezeh@gmail.com>
This commit is contained in:
Miss Islington (bot) 2022-05-02 10:34:59 -07:00 committed by GitHub
parent 864058ba86
commit bab4d0bb16
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Doc/library/shutil.rst
View file

@ -630,10 +630,16 @@ provided. They rely on the :mod:`zipfile` and :mod:`tarfile` modules.
.. audit-event:: shutil.unpack_archive filename,extract_dir,format shutil.unpack_archive
.. warning::
Never extract archives from untrusted sources without prior inspection.
It is possible that files are created outside of the path specified in
the *extract_dir* argument, e.g. members that have absolute filenames
starting with "/" or filenames with two dots "..".
.. versionchanged:: 3.7
Accepts a :term:`path-like object` for *filename* and *extract_dir*.
.. function:: register_unpack_format(name, extensions, function[, extra_args[, description]])
Registers an unpack format. *name* is the name of the format and

2
Misc/NEWS.d/next/Documentation/2022-04-23-00-22-54.gh-issue-91783.N09dRR.rst Normal file
View file

@ -0,0 +1,2 @@
Document security issues concerning the use of the function
:meth:`shutil.unpack_archive`