[issue42096] zipfile.is_zipfile incorrectly identifying a gzipped file as a zip archive
STINNER Victor
report at bugs.python.org
Mon Oct 26 23:07:16 EDT 2020
STINNER Victor <vstinner at python.org> added the comment:
ZipFile.open() checks the first 4 bytes:
# Skip the file header:
fheader = zef_file.read(sizeFileHeader)
if len(fheader) != sizeFileHeader:
raise BadZipFile("Truncated file header")
fheader = struct.unpack(structFileHeader, fheader)
if fheader[_FH_SIGNATURE] != stringFileHeader:
raise BadZipFile("Bad magic number for file header")
But is_zipfile() does not. Code could be shared for that.
.gz and .zip files don't start by the same bytes, so this check should reduce the number of false positives.
--
You may have a look at the validate() methods of my old Hachoir project, they check a few bytes to check if a file looks a valid gzip or ZIP archive.
gzip:
https://github.com/vstinner/hachoir/blob/0f56883d7cea7082e784bfbdd2882e0f2dd2f34b/hachoir/parser/archive/gzip_parser.py#L51-L62
zip:
https://github.com/vstinner/hachoir/blob/0f56883d7cea7082e784bfbdd2882e0f2dd2f34b/hachoir/parser/archive/zip.py#L411-L430
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42096>
_______________________________________
More information about the Python-bugs-list
mailing list