Skip to content
Snippets Groups Projects
Unverified Commit bab4d0bb authored by Miss Islington (bot)'s avatar Miss Islington (bot) Committed by GitHub
Browse files

gh-91783: Document security considerations for shutil.unpack_archive (GH-91844)


(cherry picked from commit 4b297a9f)

Co-authored-by: default avatarSam Ezeh <sam.z.ezeh@gmail.com>
parent 864058ba
Branches
Tags
No related merge requests found
...@@ -630,10 +630,16 @@ provided. They rely on the :mod:`zipfile` and :mod:`tarfile` modules. ...@@ -630,10 +630,16 @@ provided. They rely on the :mod:`zipfile` and :mod:`tarfile` modules.
.. audit-event:: shutil.unpack_archive filename,extract_dir,format shutil.unpack_archive .. audit-event:: shutil.unpack_archive filename,extract_dir,format shutil.unpack_archive
.. warning::
Never extract archives from untrusted sources without prior inspection.
It is possible that files are created outside of the path specified in
the *extract_dir* argument, e.g. members that have absolute filenames
starting with "/" or filenames with two dots "..".
.. versionchanged:: 3.7 .. versionchanged:: 3.7
Accepts a :term:`path-like object` for *filename* and *extract_dir*. Accepts a :term:`path-like object` for *filename* and *extract_dir*.
.. function:: register_unpack_format(name, extensions, function[, extra_args[, description]]) .. function:: register_unpack_format(name, extensions, function[, extra_args[, description]])
Registers an unpack format. *name* is the name of the format and Registers an unpack format. *name* is the name of the format and
......
Document security issues concerning the use of the function
:meth:`shutil.unpack_archive`
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment