Allow filename mismatch in local and central directories in zipfile.py by zyxtarmo · Pull Request #3035 · python/cpython (original) (raw)
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
[ Show hidden characters]({{ revealButtonHref }})
During malware research I bumped int problem with my Python based file analyzer: miscreants are modifying ZIP file header parts so, that python based automated analysis tools are unable to process the contents but intended clients are able to open the files with end-user applications and extract the possibly malicious contents. Proposed patch makes it possible to process the ZIP files even if such conditions occur. Default behavior remains the same (raise BadZipFile exception).
The problem: miscreants are modifying ZIP file header parts so, that python based automated analysis tools are unable to process the contents but intended clients are able to open the files and extract the possibly malicious contents. Proposed patch makes it possible to process the ZIP files if such conditions occur. Default behavior remains the same (raise BadZipFile exception).
Permit filename mismatch in local and central directories in zipfile.py
Hello, and thanks for your contribution!
I'm a bot set up to make sure that the project can legally accept your contribution by verifying you have signed the PSF contributor agreement (CLA).
Unfortunately we couldn't find an account corresponding to your GitHub username on bugs.python.org (b.p.o) to verify you have signed the CLA (this might be simply due to a missing "GitHub Name" entry in your b.p.o account settings). This is necessary for legal reasons before we can look at your contribution. Please follow the steps outlined in the CPython devguide to rectify this issue.
Thanks again to your contribution and we look forward to looking at it!
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please open an issue on the bug tracker for discussion.
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.
Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.
I'm going to close this as there hasn't been any response to the code review. It can reopened or a new pull request can be created to continue with the change. Thank you!
