diff options
| author | JunWei Song <sungboss2004@gmail.com> | 2019-09-11 15:04:12 (GMT) |
|---|---|---|
| committer | Jason R. Coombs <jaraco@jaraco.com> | 2019-09-11 15:04:11 (GMT) |
| commit | 3ba51d587f6897a45301ce9126300c14fcd4eba2 (patch) | |
| tree | d1cf636c71981d4ca5f884d981538b37e18212f1 /Doc | |
| parent | 5209e586b7cac9a43b2c44349a26b1b0af06ead3 (diff) | |
| download | cpython-3ba51d587f6897a45301ce9126300c14fcd4eba2.zip cpython-3ba51d587f6897a45301ce9126300c14fcd4eba2.tar.gz cpython-3ba51d587f6897a45301ce9126300c14fcd4eba2.tar.bz2 | |
bpo-36260: Add pitfalls to zipfile module documentation (#13378)
* bpo-36260: Add pitfalls to zipfile module documentation
We saw vulnerability warning description (including zip bomb) in Doc/library/xml.rst file.
This gave us the idea of documentation improvement.
So, we moved a little bit forward :P
And the doc patch can be found (pr).
* fix trailing whitespace
* 📜🤖 Added by blurb_it.
* Reformat text for consistency.
Diffstat (limited to 'Doc')
| -rw-r--r-- | Doc/library/zipfile.rst | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/Doc/library/zipfile.rst b/Doc/library/zipfile.rst index 9db9697..18d2e9a 100644 --- a/Doc/library/zipfile.rst +++ b/Doc/library/zipfile.rst @@ -816,5 +816,45 @@ Command-line options Test whether the zipfile is valid or not. +Decompression pitfalls +---------------------- + +The extraction in zipfile module might fail due to some pitfalls listed below. + +From file itself +~~~~~~~~~~~~~~~~ + +Decompression may fail due to incorrect password / CRC checksum / ZIP format or +unsupported compression method / decryption. + +File System limitations +~~~~~~~~~~~~~~~~~~~~~~~ + +Exceeding limitations on different file systems can cause decompression failed. +Such as allowable characters in the directory entries, length of the file name, +length of the pathname, size of a single file, and number of files, etc. + +Resources limitations +~~~~~~~~~~~~~~~~~~~~~ + +The lack of memory or disk volume would lead to decompression +failed. For example, decompression bombs (aka `ZIP bomb`_) +apply to zipfile library that can cause disk volume exhaustion. + +Interruption +~~~~~~~~~~~~ + +Interruption during the decompression, such as pressing control-C or killing the +decompression process may result in incomplete decompression of the archive. + +Default behaviors of extraction +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Not knowing the default extraction behaviors +can cause unexpected decompression results. +For example, when extracting the same archive twice, +it overwrites files without asking. + +.. _ZIP bomb: https://en.wikipedia.org/wiki/Zip_bomb .. _PKZIP Application Note: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT |