Rooba
/
cpython
mirror of https://github.com/python/cpython.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

bpo-36260: Add pitfalls to zipfile module documentation (#13378) 

* bpo-36260: Add pitfalls to zipfile module documentation

We saw vulnerability warning description (including zip bomb) in Doc/library/xml.rst file.
This gave us the idea of documentation improvement. 

So, we moved a little bit forward :P
And the doc patch can be found (pr).

* fix trailing whitespace

* 📜🤖 Added by blurb_it.

* Reformat text for consistency.
This commit is contained in:
JunWei Song 2019-09-11 23:04:12 +08:00 committed by Jason R. Coombs
parent 5209e586b7
commit 3ba51d587f
2 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
Doc/library/zipfile.rst
View File

@ -816,5 +816,45 @@ Command-line options
Test whether the zipfile is valid or not.
Decompression pitfalls
----------------------
The extraction in zipfile module might fail due to some pitfalls listed below.
From file itself
~~~~~~~~~~~~~~~~
Decompression may fail due to incorrect password / CRC checksum / ZIP format or
unsupported compression method / decryption.
File System limitations
~~~~~~~~~~~~~~~~~~~~~~~
Exceeding limitations on different file systems can cause decompression failed.
Such as allowable characters in the directory entries, length of the file name,
length of the pathname, size of a single file, and number of files, etc.
Resources limitations
~~~~~~~~~~~~~~~~~~~~~
The lack of memory or disk volume would lead to decompression
failed. For example, decompression bombs (aka `ZIP bomb`_)
apply to zipfile library that can cause disk volume exhaustion.
Interruption
~~~~~~~~~~~~
Interruption during the decompression, such as pressing control-C or killing the
decompression process may result in incomplete decompression of the archive.
Default behaviors of extraction
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Not knowing the default extraction behaviors
can cause unexpected decompression results.
For example, when extracting the same archive twice,
it overwrites files without asking.
.. _ZIP bomb: https://en.wikipedia.org/wiki/Zip_bomb
.. _PKZIP Application Note: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT

1
Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst Normal file
View File

@ -0,0 +1 @@
Add decompression pitfalls to zipfile module documentation.