bpo-36260: Add pitfalls to zipfile module documentation (#13378)
* bpo-36260: Add pitfalls to zipfile module documentation

We saw a vulnerability warning description (including zip bomb) in the Doc/library/xml.rst file.
This gave us the idea of documentation improvement.

So, we moved a little bit forward :P
And the doc patch can be found (pr).

* fix trailing whitespace

* 📜🤖 Added by blurb_it.

* Reformat text for consistency.
krnick authored and jaraco committed Sep 11, 2019
1 parent 5209e58 commit 3ba51d5
Showing 2 changed files with 41 additions and 0 deletions.
40 changes: 40 additions & 0 deletions Doc/library/zipfile.rst
Expand Up @@ -816,5 +816,45 @@ Command-line options

Test whether the zipfile is valid or not.

Decompression pitfalls
----------------------

The extraction in zipfile module might fail due to some pitfalls listed below.

From file itself
~~~~~~~~~~~~~~~~

Decompression may fail due to incorrect password / CRC checksum / ZIP format or
unsupported compression method / decryption.

File System limitations
~~~~~~~~~~~~~~~~~~~~~~~

Exceeding limitations on different file systems can cause decompression failed.
Such as allowable characters in the directory entries, length of the file name,
length of the pathname, size of a single file, and number of files, etc.

Resources limitations
~~~~~~~~~~~~~~~~~~~~~

The lack of memory or disk volume would lead to decompression
failed. For example, decompression bombs (aka `ZIP bomb`_)
apply to zipfile library that can cause disk volume exhaustion.

Interruption
~~~~~~~~~~~~

Interruption during the decompression, such as pressing control-C or killing the
decompression process may result in incomplete decompression of the archive.

Default behaviors of extraction
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Not knowing the default extraction behaviors
can cause unexpected decompression results.
For example, when extracting the same archive twice,
it overwrites files without asking.


.. _ZIP bomb: https://en.wikipedia.org/wiki/Zip_bomb
.. _PKZIP Application Note: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
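
Review bot: In "Resources limitations" the text says decompression bombs can exhaust disk volume and then stops, so the reader is warned but given nothing to act on; add a sentence on what a caller can check before extracting, for example comparing each member's declared uncompressed size (``ZipInfo.file_size``) against a limit the application chooses. The same hunk needs a wording pass: "can cause decompression failed" and "would lead to decompression failed" should read "can cause decompression to fail", the sentence starting "Such as allowable characters" is a fragment that belongs to the sentence before it, and "apply to zipfile library that can cause disk volume exhaustion" would be clearer as a statement that such archives can exhaust disk space when extracted with this module. In "Default behaviors of extraction", overwriting without asking is the only behavior named; saying which extraction methods it applies to would let readers verify it.
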
@@ -0,0 +1 @@
Add decompression pitfalls to zipfile module documentation.
