summaryrefslogtreecommitdiffstats
path: root/Doc/library/tarfile.rst
diff options
context:
space:
mode:
Diffstat (limited to 'Doc/library/tarfile.rst')
-rw-r--r--Doc/library/tarfile.rst11
1 files changed, 11 insertions, 0 deletions
diff --git a/Doc/library/tarfile.rst b/Doc/library/tarfile.rst
index a48a829..85c0674 100644
--- a/Doc/library/tarfile.rst
+++ b/Doc/library/tarfile.rst
@@ -338,6 +338,13 @@ object, see :ref:`tarinfo-objects` for details.
reset each time a file is created in it. And, if a directory's permissions do
not allow writing, extracting files to it will fail.
+ .. warning::
+
+ Never extract archives from untrusted sources without prior inspection.
+ It is possible that files are created outside of *path*, e.g. members
+ that have absolute filenames starting with ``"/"`` or filenames with two
+ dots ``".."``.
+
.. versionadded:: 2.5
@@ -354,6 +361,10 @@ object, see :ref:`tarinfo-objects` for details.
are some issues you must take care of yourself. See the description for
:meth:`extractall` above.
+ .. warning::
+
+ See the warning for :meth:`extractall`.
+
.. method:: TarFile.extractfile(member)
generated by cgit v0.12 at 2025-02-10 11:41:41 (GMT)