Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement zipfile.Path.is_symlink #119588

Closed
jaraco opened this issue May 27, 2024 · 2 comments
Closed

Implement zipfile.Path.is_symlink #119588

jaraco opened this issue May 27, 2024 · 2 comments

Comments

@jaraco
Copy link
Member

jaraco commented May 27, 2024
edited by bedevere-app bot
Loading

In jaraco/zipp#117, I learned that the current implementation of is_symlink might have a security risk if a user is relying on it to ensure that a zipfile has no symlinks before using another tool to extract it.

zipp 3.19.0 adds an implementation for Path.is_symlink to alleviate this risk.

CPython should adopt this change as well, possibly as a security fix.

Linked PRs
jaraco added a commit to jaraco/cpython that referenced this issue May 27, 2024
@jaraco
pythongh-119588: Implement zipfile.Path.is_symlink (zipp 3.19.0).
f9cf590
@jaraco
Copy link
Member Author

jaraco commented May 27, 2024

The is_symlink was added in Python 3.12 (#102018) (note the backports of that PR only included one bugfix), so this change can be backported to Python 3.12 as a bugfix (no need to flag as a security fix).

jaraco added a commit to jaraco/cpython that referenced this issue May 27, 2024
@jaraco
pythongh-119588: Implement zipfile.Path.is_symlink (zipp 3.19.0).
48b69a0
@bedevere-app bedevere-app bot mentioned this issue May 27, 2024
Merged
jaraco added a commit that referenced this issue Jun 3, 2024
@jaraco
gh-119588: Implement zipfile.Path.is_symlink (zipp 3.19.0). (#119591)
42a34dd
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jun 3, 2024
@jaraco @miss-islington
pythongh-119588: Implement zipfile.Path.is_symlink (zipp 3.19.0). (py…
094c41e 
…thonGH-119591)

(cherry picked from commit 42a34dd)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
This was referenced Jun 3, 2024
Merged
Closed
mliezun pushed a commit to mliezun/cpython that referenced this issue Jun 3, 2024
@jaraco @mliezun
pythongh-119588: Implement zipfile.Path.is_symlink (zipp 3.19.0). (py…
578b6ce 
…thon#119591)
jaraco added a commit that referenced this issue Jun 4, 2024
@miss-islington @jaraco
[3.13] gh-119588: Implement zipfile.Path.is_symlink (zipp 3.19.0). (G…
34a6d89 
…H-119591) (#119985)

gh-119588: Implement zipfile.Path.is_symlink (zipp 3.19.0). (GH-119591)
(cherry picked from commit 42a34dd)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
jaraco added a commit to jaraco/cpython that referenced this issue Jun 4, 2024
@jaraco
pythongh-119588: Update docs to reflect decision to include the chang…
ddb3dbe 
…e with Python 3.13 and not 3.12.
@bedevere-app bedevere-app bot mentioned this issue Jun 4, 2024
Merged
jaraco added a commit that referenced this issue Jun 4, 2024
@jaraco
gh-119588: Update docs to reflect decision to include the change with…
4dcd91c 
… Python 3.13 and not 3.12. (#120043)
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jun 4, 2024
@jaraco @miss-islington
pythongh-119588: Update docs to reflect decision to include the chang…
8589ca7 
…e with Python 3.13 and not 3.12. (pythonGH-120043)

(cherry picked from commit 4dcd91c)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
@bedevere-app bedevere-app bot mentioned this issue Jun 4, 2024
Merged
jaraco added a commit that referenced this issue Jun 4, 2024
@miss-islington @jaraco
[3.13] gh-119588: Update docs to reflect decision to include the chan…
6725c78 
…ge with Python 3.13 and not 3.12. (GH-120043) (#120046)

gh-119588: Update docs to reflect decision to include the change with Python 3.13 and not 3.12. (GH-120043)
(cherry picked from commit 4dcd91c)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
barneygale pushed a commit to barneygale/cpython that referenced this issue Jun 5, 2024
@jaraco @barneygale
pythongh-119588: Implement zipfile.Path.is_symlink (zipp 3.19.0). (py…
25d0a68 
…thon#119591)
barneygale pushed a commit to barneygale/cpython that referenced this issue Jun 5, 2024
@jaraco @barneygale
pythongh-119588: Update docs to reflect decision to include the chang…
d34608d 
…e with Python 3.13 and not 3.12. (python#120043)
noahbkim pushed a commit to hudson-trading/cpython that referenced this issue Jul 11, 2024
@jaraco @noahbkim
pythongh-119588: Implement zipfile.Path.is_symlink (zipp 3.19.0). (py…
57f461d 
…thon#119591)
noahbkim pushed a commit to hudson-trading/cpython that referenced this issue Jul 11, 2024
@jaraco @noahbkim
pythongh-119588: Update docs to reflect decision to include the chang…
2a52fdc 
…e with Python 3.13 and not 3.12. (python#120043)
estyxx pushed a commit to estyxx/cpython that referenced this issue Jul 17, 2024
@jaraco @estyxx
pythongh-119588: Implement zipfile.Path.is_symlink (zipp 3.19.0). (py…
dd2c3f3 
…thon#119591)
estyxx pushed a commit to estyxx/cpython that referenced this issue Jul 17, 2024
@jaraco @estyxx
pythongh-119588: Update docs to reflect decision to include the chang…
200fce4 
…e with Python 3.13 and not 3.12. (python#120043)
@hugovk
Copy link
Member

hugovk commented Aug 8, 2024

Triage: closing because the PR has been merged, please re-open if still needed. Thanks!

@hugovk hugovk closed this as completed Aug 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Zipfile issues
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jaraco @hugovk