[Python-checkins] cpython (2.7): Preserve backslashes in malicious zip files for testing issue #6972.
serhiy.storchaka
python-checkins at python.org
Sat Feb 2 17:35:42 CET 2013
http://hg.python.org/cpython/rev/5a68052b52ea
changeset: 81932:5a68052b52ea
branch: 2.7
user: Serhiy Storchaka <storchaka at gmail.com>
date: Sat Feb 02 18:34:57 2013 +0200
summary:
Preserve backslashes in malicious zip files for testing issue #6972.
files:
Lib/test/test_zipfile.py | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/Lib/test/test_zipfile.py b/Lib/test/test_zipfile.py
--- a/Lib/test/test_zipfile.py
+++ b/Lib/test/test_zipfile.py
@@ -461,12 +461,17 @@
hacknames.extend([
('//foo/bar', 'foo/bar'),
('../../foo../../ba..r', 'foo../ba..r'),
+ (r'foo/..\bar', r'foo/..\bar'),
])
for arcname, fixedname in hacknames:
content = b'foobar' + arcname.encode()
with zipfile.ZipFile(TESTFN2, 'w', zipfile.ZIP_STORED) as zipfp:
- zipfp.writestr(arcname, content)
+ zinfo = zipfile.ZipInfo()
+ # preserve backslashes
+ zinfo.filename = arcname
+ zinfo.external_attr = 0o600 << 16
+ zipfp.writestr(zinfo, content)
targetpath = os.path.join('target', 'subdir', 'subsub')
correctfile = os.path.join(targetpath, *fixedname.split('/'))
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list