Zipfile with leading slashes #87232

Closed
garrisontaylor mannequin opened this issue Jan 29, 2021 · 7 comments
Labels
3.9 (only security fixes), 3.10 (only security fixes), 3.11 (only security fixes), stdlib (Python modules in the Lib dir), type-bug (An unexpected behavior, bug, or error)

Comments

@garrisontaylor
Mannequin

garrisontaylor mannequin commented Jan 29, 2021

BPO 43066
Nosy @ambv, @miss-islington, @FFY00, @akulakov
PRs
  • [doc] bpo-43066: Zipfile - add note on leading slash in the filename arg #26899
  • [3.10] [doc] bpo-43066: zipfile - add note on leading slash in the filename arg (GH-26899) #27605
  • [3.9] [doc] bpo-43066: zipfile - add note on leading slash in the filename arg (GH-26899) #27606
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:

    assignee = None
    closed_at = <Date 2021-08-04.20:02:09.723>
    created_at = <Date 2021-01-29.20:28:48.419>
    labels = ['type-bug', 'library', '3.9', '3.10', '3.11']
    title = 'Zipfile with leading slashes'
    updated_at = <Date 2021-08-04.20:02:09.722>
    user = 'https://bugs.python.org/garrisontaylor'

    bugs.python.org fields:

    activity = <Date 2021-08-04.20:02:09.722>
    actor = 'lukasz.langa'
    assignee = 'none'
    closed = True
    closed_date = <Date 2021-08-04.20:02:09.723>
    closer = 'lukasz.langa'
    components = ['Library (Lib)']
    creation = <Date 2021-01-29.20:28:48.419>
    creator = 'garrison.taylor'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 43066
    keywords = ['patch']
    message_count = 7.0
    messages = ['385934', '396187', '396489', '398943', '398946', '398947', '398948']
    nosy_count = 5.0
    nosy_names = ['lukasz.langa', 'miss-islington', 'FFY00', 'andrei.avk', 'garrison.taylor']
    pr_nums = ['26899', '27605', '27606']
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'behavior'
    url = 'https://bugs.python.org/issue43066'
    versions = ['Python 3.9', 'Python 3.10', 'Python 3.11']

    @garrisontaylor
    Mannequin Author

    garrisontaylor mannequin commented Jan 29, 2021

    Currently the zipfile library allows you to create invalid zip files. The following code is an example:

    from zipfile import ZipFile
    import tempfile
    temporary_file = tempfile.NamedTemporaryFile()
    my_zip = ZipFile(temporary_file.name, 'w')
    my_zip.writestr('/some_folder/some_file.txt', 'Some content')
    my_zip.close()

    The generated zipfile contains "/some_folder/some_file.txt". However, according to the specification for zip files, this is invalid. See below, from the .ZIP File Format Specification version 6.3.9:

       4.4.17.1 The name of the file, with optional relative path.
       The path stored MUST NOT contain a drive or
       device letter, or a leading slash.  All slashes
       MUST be forward slashes '/' as opposed to
       backwards slashes '\' for compatibility with Amiga
       and UNIX file systems etc.  If input came from standard
       input, there is no file name field.  
    

    This is significant because the default Windows Explorer zip file extractor cannot handle zip files that contain a leading slash, producing an error that "The compressed (zipped) folder is invalid."

    @garrisontaylor garrisontaylor mannequin added 3.9 only security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error labels Jan 29, 2021
    @akulakov
    Contributor

    I propose fixing this in documentation.

    Raising an error is probably not warranted because zip files are often created on one system and used on another, so you can't raise an error based on current OS, and having a leading slash in the name is both useful and does work in MacOS and Unix. It probably works in some unzip programs on Windows as well (if anyone can test that would be great).

    Therefore I propose adding the following notes to ZipInfo, ZipFile.write() and ZipFile.writestr():

    Note: a leading slash in the archive / filename may lead to the archive being un-openable in some zip programs on Windows systems.

    If that sounds good I can make a PR.
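Since the outcome proposed here is a documentation note rather than an error, code that calls `writestr()` has to enforce 4.4.17.1 itself. The following is an added example, not code from this issue or from CPython: it checks member names against the rule quoted in the report and rewrites them before writing. The helper names `name_violations`, `portable_name`, `audit_archive` and `build_sample` are hypothetical, and the sample archive is constructed in memory.

```python
import io
import re
import zipfile

_DRIVE = re.compile(r"^[A-Za-z]:")


def name_violations(name):
    """List the APPNOTE 4.4.17.1 rules that a stored member name breaks."""
    found = []
    if _DRIVE.match(name):
        found.append("drive letter")
    if name.startswith("/"):
        found.append("leading slash")
    if "\\" in name:
        found.append("backslash")
    return found


def portable_name(name):
    """Rewrite a member name so it satisfies 4.4.17.1 (relative, '/' only)."""
    fixed = _DRIVE.sub("", name.replace("\\", "/")).lstrip("/")
    if not fixed:
        raise ValueError(f"nothing left of member name {name!r}")
    return fixed


def audit_archive(source):
    """Map each non-conforming member of an existing archive to its violations."""
    with zipfile.ZipFile(source) as zf:
        return {n: v for n in zf.namelist() if (v := name_violations(n))}


def build_sample(normalise):
    """Constructed sample: the issue's writestr() call plus one conforming member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("/some_folder/some_file.txt", "docs/readme.txt"):
            zf.writestr(portable_name(name) if normalise else name, "Some content")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(audit_archive(build_sample(normalise=False)))
    print(audit_archive(build_sample(normalise=True)))
```

`audit_archive` also accepts a path, so it can be run over archives produced elsewhere before they are shipped to Windows users.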

    @garrisontaylor
    Mannequin Author

    garrisontaylor mannequin commented Jun 24, 2021

    That addition to the documentation sounds appropriate to me. Thanks!

    @ambv
    Contributor

    ambv commented Aug 4, 2021

    New changeset 7c5dab4 by andrei kulakov in branch 'main':
    [doc] bpo-43066: zipfile - add note on leading slash in the filename arg (GH-26899)
    7c5dab4

    @miss-islington
    Contributor

    New changeset 98f6a72 by Miss Islington (bot) in branch '3.10':
    [doc] bpo-43066: zipfile - add note on leading slash in the filename arg (GH-26899)
    98f6a72

    @ambv
    Contributor

    ambv commented Aug 4, 2021

    New changeset 1a2c0ec by Miss Islington (bot) in branch '3.9':
    [doc] bpo-43066: zipfile - add note on leading slash in the filename arg (GH-26899) (GH-27606)
    1a2c0ec

    @ambv
    Contributor

    ambv commented Aug 4, 2021

    Thanks for the report, Garrison. And Andrei for the patch! ✨ 🍰 ✨

    @ambv ambv added 3.10 only security fixes 3.11 only security fixes labels Aug 4, 2021
    @ambv ambv closed this as completed Aug 4, 2021
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022