[issue36260] Cpython/Lib vulnerability found and request a patch submission

Serhiy Storchaka report at bugs.python.org
Tue Apr 2 07:09:02 EDT 2019


Serhiy Storchaka <storchaka+cpython at gmail.com> added the comment:

I am against such trivial methods in ZipFile. Its interface is already complicated. The advantage of Python is that you do not need tons of methods for every possible query -- you can just combine a few Python features into a one-line expression.

As for the documentation change, it could be useful to add a more general note about possible pitfalls. What happens when extracting or adding to the archive is interrupted, what happens when extracting into an existing tree or overwriting an existing file, what happens when the file system does not support some file names, what happens when extracting to a case-insensitive file system, what happens when extracting an encrypted file with a wrong password, etc. We do not have to tell the user what he should not do, just to warn about the possible consequences.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36260>
_______________________________________
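
An added example, not part of the original message or of CPython: a pre-extraction check that combines existing `zipfile` features to flag three of the pitfalls listed above (overwriting an existing file, names that collide on a case-insensitive file system, encrypted entries). The function names, archive contents and destination tree are constructed for illustration.

```python
import io
import os
import tempfile
import zipfile
from collections import defaultdict


def preflight(zf, dest):
    """Report members of an open ZipFile that hit the pitfalls above."""
    findings = defaultdict(list)
    by_folded = defaultdict(set)
    for info in zf.infolist():
        name = info.filename
        by_folded[name.casefold()].add(name)
        # Bit 0 of the general-purpose flags marks an encrypted entry.
        if info.flag_bits & 0x1:
            findings["encrypted"].append(name)
        # Assumption: member names are relative, as in the sample below.
        if not info.is_dir() and os.path.lexists(os.path.join(dest, name)):
            findings["overwrites_existing"].append(name)
    for names in by_folded.values():
        # Distinct spellings that map to one file when case is ignored.
        if len(names) > 1:
            findings["case_collision"].append(sorted(names))
    return dict(findings)


def build_sample():
    """Constructed in-memory archive: two names differing only by case."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "one")
        zf.writestr("readme.txt", "two")
        zf.writestr("data/config.ini", "x=1")
    buf.seek(0)
    return buf


def demo():
    """Run the check against a constructed tree that already has one file."""
    with tempfile.TemporaryDirectory() as dest:
        os.makedirs(os.path.join(dest, "data"))
        with open(os.path.join(dest, "data", "config.ini"), "w") as fh:
            fh.write("old")
        with zipfile.ZipFile(build_sample()) as zf:
            return preflight(zf, dest)


if __name__ == "__main__":
    print(demo())
```
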

