orhan/test
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Run pre-commit

Browse Source
This commit is contained in:
gagb
2024-12-18 11:46:39 -08:00
parent 6e4caac70d
commit 5fc70864f2
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/markitdown/_markitdown.py
View File

@@ -1144,9 +1144,14 @@ class ZipConverter(DocumentConverter):
# Safeguard against path traversal # Safeguard against path traversal
for member in zipObj.namelist(): for member in zipObj.namelist():
member_path = os.path.normpath(os.path.join(extraction_dir, member)) member_path = os.path.normpath(os.path.join(extraction_dir, member))
if not os.path.commonprefix([extraction_dir, member_path]) == extraction_dir: if (
raise ValueError(f"Path traversal detected in zip file: {member}") not os.path.commonprefix([extraction_dir, member_path])
== extraction_dir
):
raise ValueError(
f"Path traversal detected in zip file: {member}"
)
# Extract all files safely # Extract all files safely
zipObj.extractall(path=extraction_dir) zipObj.extractall(path=extraction_dir)