Issue
I am using the built-in ZipFile and its testzip() method to verify whether some user-provided zip files are valid.
Unfortunately ZipFile seems to apply additional heuristics, as it accepts, for example, ZIP files that don't directly start with the ZIP header PK\x03\x04. Instead it seems to search the whole file for this header, which is unwanted and thus also accepts ZIP files which start with binary "garbage" followed by a ZIP archive.
Is there a way to change ZipFile to some sort of "strict" mode where it only accepts plain, 100% valid ZIP files?
Environment: Python 3.6 (on Ubuntu 18.04)
Solution
In the end I just added the check that was actually missing in the Python ZipFile implementation: the file has to start with the ZIP file header magic bytes:
import os
from zipfile import BadZipFile

# test if the file has at least some bytes
file_size = os.path.getsize(uploaded_file)  # uploaded_file: path of the user-provided archive
if file_size < 10:
    raise BadZipFile()  # file is too small to be a valid ZIP file
# the file has to start with the local file header signature
with open(uploaded_file, "rb") as f:
    header = f.read(4)
if header != b'PK\x03\x04':
    raise BadZipFile()
Answered By - JMax
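The check above combined with testzip(), as an added example that is not part of the answer: it builds a small archive in memory (constructed sample), prepends junk bytes the way the question describes, and shows that the stock zipfile module still reports the polluted bytes as a valid archive while the strict check rejects them. The function names and the 10-byte size floor from the answer are assumptions of this example.

```python
import io
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"  # magic bytes of a local file header (start of a normal archive)
MIN_ZIP_SIZE = 10                  # the answer's size floor; anything shorter cannot be an archive

def validate_zip_strict(data: bytes) -> bool:
    """Return True only if the bytes start with a local file header and every member
    passes ZipFile.testzip(); raise BadZipFile otherwise."""
    if len(data) < MIN_ZIP_SIZE:
        raise zipfile.BadZipFile("file too small to be a ZIP archive")
    if not data.startswith(ZIP_LOCAL_HEADER):
        # ZipFile locates the archive through the End of Central Directory record at the
        # end of the file and tolerates leading bytes (self-extracting archives), so
        # this is the check that rejects junk prepended to an otherwise valid archive.
        raise zipfile.BadZipFile("file does not start with a ZIP local file header")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        bad = zf.testzip()  # name of the first member with a header/CRC error, or None
        if bad is not None:
            raise zipfile.BadZipFile(f"corrupt member: {bad}")
    return True

def is_strict_zip(data: bytes) -> bool:
    """Boolean form of validate_zip_strict for callers that prefer no exceptions."""
    try:
        return validate_zip_strict(data)
    except zipfile.BadZipFile:
        return False

def stock_zipfile_accepts(data: bytes) -> bool:
    """What the unmodified standard library says about the same bytes."""
    return zipfile.is_zipfile(io.BytesIO(data))

def make_sample_zip() -> bytes:
    """Constructed sample: a small valid archive built in memory (stored, not deflated,
    so a flipped payload byte shows up as a CRC error rather than a zlib error)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("hello.txt", "hello world\n")
    return buf.getvalue()

if __name__ == "__main__":
    clean = make_sample_zip()
    polluted = b"\x00GARBAGE\xff" * 4 + clean  # leading junk, as described in the question
    print("stock ZipFile accepts polluted input:", stock_zipfile_accepts(polluted))  # True
    print("strict check accepts clean input:   ", is_strict_zip(clean))              # True
    print("strict check accepts polluted input:", is_strict_zip(polluted))           # False
```

To validate a file on disk as in the answer, read its bytes first (`open(uploaded_file, "rb").read()`) and pass them to `validate_zip_strict`.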