[issue42096] zipfile.is_zipfile incorrectly identifying a gzipped file as a zip archive

STINNER Victor Mon, 26 Oct 2020 20:08:02 -0700


STINNER Victor <[email protected]> added the comment:


ZipFile.open() checks the first 4 bytes:

            # Skip the file header:
            fheader = zef_file.read(sizeFileHeader)
            if len(fheader) != sizeFileHeader:
                raise BadZipFile("Truncated file header")
            fheader = struct.unpack(structFileHeader, fheader)
            if fheader[_FH_SIGNATURE] != stringFileHeader:
                raise BadZipFile("Bad magic number for file header")

But is_zipfile() does not. Code could be shared for that.

.gz and .zip files don't start by the same bytes, so this check should reduce 
the number of false positives.

--

You may have a look at the validate() methods of my old Hachoir project, they 
check a few bytes to check if a file looks a valid gzip or ZIP archive.

gzip:

https://github.com/vstinner/hachoir/blob/0f56883d7cea7082e784bfbdd2882e0f2dd2f34b/hachoir/parser/archive/gzip_parser.py#L51-L62

zip:

https://github.com/vstinner/hachoir/blob/0f56883d7cea7082e784bfbdd2882e0f2dd2f34b/hachoir/parser/archive/zip.py#L411-L430

----------

_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue42096>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42096] zipfile.is_zipfile incorrectly identifying a gzipped file as a zip archive

Reply via email to