author | Serhiy Storchaka <storchaka@gmail.com> | 2013-02-02 16:34:57 (GMT) |
---|---|---|
committer | Serhiy Storchaka <storchaka@gmail.com> | 2013-02-02 16:34:57 (GMT) |
commit | 05fd7441227d47eeaec2fff44da05d3149055a55 (patch) | |
tree | f8b725493a8be8a3eb877881f51bc1cce190986b | |
parent | eff492f4b70a1754adc871a536edae9d69640874 (diff) | |
Preserve backslashes in malicious zip files for testing issue #6972.
-rw-r--r-- | Lib/test/test_zipfile.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/Lib/test/test_zipfile.py b/Lib/test/test_zipfile.py
index f535e56..b5fff7f 100644
--- a/Lib/test/test_zipfile.py
+++ b/Lib/test/test_zipfile.py
@@ -461,12 +461,17 @@ class TestsWithSourceFile(unittest.TestCase):
 hacknames.extend([
 ('//foo/bar', 'foo/bar'),
 ('../../foo../../ba..r', 'foo../ba..r'),
+ (r'foo/..\bar', r'foo/..\bar'),
 ])
 for arcname, fixedname in hacknames:
 content = b'foobar' + arcname.encode()
 with zipfile.ZipFile(TESTFN2, 'w', zipfile.ZIP_STORED) as zipfp:
- zipfp.writestr(arcname, content)
+ zinfo = zipfile.ZipInfo()
+ # preserve backslashes
+ zinfo.filename = arcname
+ zinfo.external_attr = 0o600 << 16
+ zipfp.writestr(zinfo, content)
 targetpath = os.path.join('target', 'subdir', 'subsub')
 correctfile = os.path.join(targetpath, *fixedname.split('/')) |
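Review bot: The comment `# preserve backslashes` above `zinfo.filename = arcname` does not say what would otherwise drop the backslashes, and that reason is the only justification for replacing the one-line `writestr(arcname, content)`. As far as I know, `ZipInfo.__init__` rewrites `os.sep` to `/` in the name it is given, so on a platform whose separator is a backslash the archive would hold an already-normalized name and the extraction check would never see the hostile one. Assigning the attribute after construction skips that step. I would write `# Set filename after construction: ZipInfo() normalizes os.sep to '/', which would hide the backslash from extract()` and add `# same mode writestr() applies when given a str name` beside `0o600 << 16`, which I believe matches the default on the string path. The `hacknames.extend([...])` call and the `for` loop start or continue outside this hunk and the page has lost indentation, so which platform branch the new `(r'foo/..\bar', r'foo/..\bar')` pair belongs to cannot be confirmed from here.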