zipfile.extractall security warning in the docs, can it be removed yet? #102686

Closed
esharf opened this issue Mar 14, 2023 · 3 comments
Labels
docs Documentation in the Doc dir

Comments

esharf commented Mar 14, 2023

Documentation

In the zipfile docs, in ZipFile.extractall, there is a warning.

The story of this warning is that #51221 was represented and fixed.
But in this comment the decision was to leave this warning for people checking the latest docs even if the Python version that they are using is not the latest.

But since this was already fixed in 2013, I think it's time to remove it.

@esharf esharf added the docs Documentation in the Doc dir label Mar 14, 2023
@hugovk hugovk added stdlib Python modules in the Lib dir and removed stdlib Python modules in the Lib dir labels Mar 14, 2023
Member

hugovk commented Mar 14, 2023

Member

gpshead commented Mar 14, 2023

Let's leave it for a little while longer, I want to see an API similar to the tarfile.extractall https://peps.python.org/pep-0706/ security work land in zipfile and the requisite more in-depth look and re-review of our implementation before we stop cautioning our users. For consistency and just to be on the safe side.

@gpshead gpshead changed the title zipfile warning is not updated zipfile.extractall security warning in the docs, can it be removed yet? Mar 14, 2023
Member

gpshead commented Dec 21, 2023

I'm going to close this issue as the docs should be updated to remove warnings when implementing mitigation style features. There are also other semi-related reasons for warnings in the zipfile docs such as zip bombs (#109858) that still exist.

@gpshead gpshead closed this as not planned Dec 21, 2023
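
A pre-extraction inspection covering the two concerns raised in this thread (member names that resolve outside the target directory, and zip bombs), as an added example that is not part of the issue or of CPython's own code. The limits, the function names `inspect_zip`, `checked_extractall` and `build_sample`, and the sample archive are assumptions constructed for illustration; paths are assumed to be POSIX.

```python
import io
import os
import zipfile

# Limits are assumptions for illustration; tune them per workload.
MAX_TOTAL_BYTES = 100 * 1024 * 1024  # sum of declared uncompressed sizes
MAX_RATIO = 100                      # declared uncompressed / compressed, per member


def inspect_zip(zf, dest):
    """Return (member, reason) findings for an open ZipFile; empty list = none."""
    findings = []
    dest_root = os.path.realpath(dest)
    total = 0
    for info in zf.infolist():
        # Where the raw stored name would land if joined to dest unmodified.
        target = os.path.realpath(os.path.join(dest_root, info.filename))
        if os.path.commonpath([dest_root, target]) != dest_root:
            findings.append((info.filename, "resolves outside destination"))
        # Sizes come from the archive's own headers, so treat this as a
        # pre-check, not a guarantee about what decompression will produce.
        total += info.file_size
        if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
            findings.append((info.filename, "compression ratio above limit"))
    if total > MAX_TOTAL_BYTES:
        findings.append(("<archive>", "declared total size above limit"))
    return findings


def checked_extractall(zf, dest):
    """Extract only when inspection reports nothing; otherwise raise."""
    findings = inspect_zip(zf, dest)
    if findings:
        raise ValueError(f"refusing to extract: {findings}")
    zf.extractall(dest)


def build_sample():
    """Constructed in-memory archive: one benign, two suspicious members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("../outside.txt", "constructed traversal name")
        zf.writestr("zeros.bin", b"\0" * (1024 * 1024))
    buf.seek(0)
    return buf
```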