I have a zip file which contains the following directory structure:
dir1\dir2\dir3a
dir1\dir2\dir3b
I'm trying to unzip it and maintai
Don't trust extract() or extractall().
These methods blindly extract files to the paths given in their filenames. But ZIP filenames can be anything at all, including dangerous strings like “x/../../../etc/passwd”. Extract such files and you could have just compromised your entire server.
Maybe this should be considered a reportable security hole in Python's zipfile module, but any number of zip-dearchivers have exhibited the exact same behaviour in the past. To unarchive a ZIP file with folder structure safely you need in-depth checking of each file path.
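One way to do the per-member path checking this answer calls for, written here as an added example (it is not code from the question, the answer or the `zipfile` module itself): every member name is run through an allow-list check before anything is written, and the resolved target is then confirmed to sit inside the destination so a pre-existing symlink under the destination cannot redirect a write elsewhere. The function names, the messages and the two in-memory archives (one with the question's `dir1/dir2/dir3a`, `dir1/dir2/dir3b` layout, one with the `x/../../../etc/passwd` name from the answer) are constructed for the demonstration. For context, recent CPython releases do strip leading separators and `..` components inside `extract()`, but an explicit check like this makes the policy visible and fails loudly instead of silently rewriting the name.

```python
import io
import os
import re
import shutil
import tempfile
import zipfile

# Windows drive prefix such as "C:" at the start of a member name.
_DRIVE_RE = re.compile(r"^[A-Za-z]:")


def is_safe_member(name: str) -> bool:
    """Allow-list check for one ZIP member name (the ZIP format uses '/')."""
    if not name or "\x00" in name:
        return False
    if "\\" in name:                  # a separator on Windows: ambiguous, refuse
        return False
    if name.startswith("/") or _DRIVE_RE.match(name):
        return False
    # Reject any ".." component outright instead of trying to normalise it.
    return all(part != ".." for part in name.split("/"))


def safe_extractall(zf: zipfile.ZipFile, dest: str) -> list:
    """Extract every member of zf under dest, keeping the folder structure.

    Two layers: the name check above, then a realpath containment check so a
    symlink already present inside dest cannot point a write outside it.
    Raises ValueError on the first unsafe member (nothing of it is written).
    Returns the relative paths of the files written, in archive order.
    """
    root = os.path.realpath(dest)
    written = []
    for info in zf.infolist():
        name = info.filename
        if not is_safe_member(name):
            raise ValueError(f"refusing to extract unsafe member name: {name!r}")
        target = os.path.realpath(os.path.join(root, *name.split("/")))
        if target == root or os.path.commonpath([root, target]) != root:
            raise ValueError(f"member escapes destination: {name!r}")
        if name.endswith("/"):                      # directory entry
            os.makedirs(target, exist_ok=True)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        # zipfile never recreates symlinks; a link member is written as a plain
        # file, so no member can plant a link for a later member to follow.
        with zf.open(info) as src, open(target, "wb") as dst:
            shutil.copyfileobj(src, dst)
        written.append(os.path.relpath(target, root).replace(os.sep, "/"))
    return written


def _zip_from(members: dict) -> zipfile.ZipFile:
    """Build an in-memory archive from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    buf.seek(0)
    return zipfile.ZipFile(buf)


def run_demo() -> tuple:
    """Extract a benign archive, then show the traversal archive is refused."""
    benign = _zip_from({
        "dir1/dir2/dir3a/hello.txt": b"hello",
        "dir1/dir2/dir3b/": b"",
    })
    hostile = _zip_from({"x/../../../etc/passwd": b"pwned"})
    with tempfile.TemporaryDirectory() as tmp:
        with benign:
            written = safe_extractall(benign, tmp)
        dir3b_exists = os.path.isdir(os.path.join(tmp, "dir1", "dir2", "dir3b"))
        try:
            with hostile:
                safe_extractall(hostile, tmp)
            rejected = None
        except ValueError as exc:
            rejected = str(exc)
    return written, dir3b_exists, rejected


if __name__ == "__main__":
    print(run_demo())
```

The check deliberately refuses rather than repairs: a member whose name needs rewriting to become safe is a member you do not want, and refusing the whole archive on the first bad name avoids leaving a half-extracted tree behind.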