Created on 2014-02-23 21:13 by jwilk, last changed 2021-05-21 23:22 by ned.deily.
| Messages (3) | |||
|---|---|---|---|
| msg212029 - (view) | Author: Jakub Wilk (jwilk) | Date: 2014-02-23 21:13 | |
shutil.unpack_archive() uses tarfile.extractall() under the hood, so it's not suitable for unpacking untrusted archives. But this fact is not documented. Please add a security warning to shutil.unpack_archive() documentation. |
|||
| msg242454 - (view) | Author: Mark Lawrence (BreamoreBoy) * | Date: 2015-05-03 06:50 | |
If there is an agreed standard for security warnings I'll prepare a patch for this. |
|||
| msg394170 - (view) | Author: Ned Deily (ned.deily) *  |
Date: 2021-05-21 23:22 | |
The warning from Tarfile.extractall (Doc/library/tarfile.rst -> https://docs.python.org/dev/library/tarfile.html#tarfile-objects) can be adapted for use here (Doc/library/shutil.rst -> https://docs.python.org/dev/library/shutil.html#archiving-operations). |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2021-05-21 23:22:48 | ned.deily | set | versions:
+ Python 3.9, Python 3.10, Python 3.11, - Python 2.7, Python 3.4, Python 3.5 nosy: + ned.deily messages: + msg394170 keywords: + easy, newcomer friendly |
| 2019-03-15 22:06:56 | BreamoreBoy | set | nosy:
- BreamoreBoy |
| 2015-05-03 06:50:15 | BreamoreBoy | set | nosy:
+ BreamoreBoy messages: + msg242454 versions: + Python 3.5, - Python 3.3 |
| 2014-02-24 20:09:19 | pitrou | set | stage: needs patch type: behavior versions: + Python 2.7, Python 3.3, Python 3.4 |
| 2014-02-23 21:13:37 | jwilk | create | |