qi-#ddlZddlZddlZddlmZddlZddlmZmZdede e e fddfdZ dded ed e fd ZGd d Zy)N)Path) ErrorMessage _unzip_iter file_pathmembersreturnctj|d5}|jD]\}}|j|| dddy#1swYyxYw)zR Create a ZIP file at file_path, with the given arcname->content mapping. wN)zipfileZipFileitemswritestr)rrzfarcnamecontents V/opt/pipecat/venv/lib/python3.12/site-packages/nltk/test/unit/test_downloader_unzip.py _make_zipr sQ C (*B '  * GW KK ) ****s +A  Azip_path extract_rootverbosecTttt|t||S)zj Convenience wrapper that runs _unzip_iter and returns the list of yielded messages (if any). r)listrstr)rrrs r_run_unzip_iterrs!  CM3|+zKTestSecureUnzip.test_normal_relative_paths_are_extracted..<sEqz!\2Epkgzfile.txtsubdirz other.txtN)rrany read_bytes)selfrrrrmessagess r(test_normal_relative_paths_are_extractedz8TestSecureUnzip.test_normal_relative_paths_are_extracted+s j()+ %$,  (G$"8\5IEHEEEEu$z1==?8KKKu$x/+=IIKxWWWrc||dz }|dz }|dz dz j}ddd}t||t||d }|Dcgc]}t|ts|}}|sJd d j d |D} d | vrd| vsJ|j rJ|dz dz jdk(sJycc}w)az An entry containing ``..`` that would escape the target directory must not be written outside the extraction root, and must cause _unzip_iter to yield an ErrorMessage. On the old implementation (extractall(root)), this test will fail because the file outside the root is actually created and no ErrorMessage is yielded. zzip_slip_parent.zipr!z..z outside.txtokevil) pkg/good.txtz../outside.txtFrz@Expected an ErrorMessage for a Zip-Slip parent-directory attempt c3FK|]}t|jywr$rmessager's rr*z[TestSecureUnzip.test_zip_slip_with_parent_directory_component_is_blocked..fs$FS^$F!Zip Slipblockedr,good.txtN)resolverrr&rjoinexistsr/) r0rrroutside_targetrr1r)err_msgscombined_messagess r8test_zip_slip_with_parent_directory_component_is_blockedzHTestSecureUnzip.test_zip_slip_with_parent_directory_component_is_blockedAs33)+ '- =FFH"%  (G$"8\5I (G!:a+FAGG  N M N   HH$FX$FF..9@Q3QQQ"((***u$z1==?5HHHHs B9B9winz2Absolute POSIX paths are not meaningful on Windows)reasonc||dz }|dz }tddtjz } ddt|di}t ||t ||d }|Dcgc]}t |ts|}}|sJd d jd |D} d | vrd| vsJ|jrJ|dz dz jdk(sJ |jr |jyycc}w#t$rYywxYw#|jr! |jw#t$rYwwxYwwxYw)af An entry with an absolute POSIX path (e.g. ``/tmp/evil``) must not be extracted as-is; it should not overwrite arbitrary filesystem paths, and should result in an ErrorMessage. On the old implementation (extractall(root)), this test will fail because the absolute path gets created without any ErrorMessage. zzip_slip_abs_posix.zipr!z/tmpnltk_zip_slip_test_r6r4r5Frz;Expected an ErrorMessage for absolute-path Zip-Slip attemptr7c3FK|]}t|jywr$r9r's rr*zTTestSecureUnzip.test_zip_slip_with_absolute_posix_path_is_blocked..s(JAQYY(Jr;r<r=r,r>N) rosgetpidrrrr&rr@rAr/unlinkOSError) r0rrrabsolute_targetrr1r)rCrDs r1test_zip_slip_with_absolute_posix_path_is_blockedzATestSecureUnzip.test_zip_slip_with_absolute_posix_path_is_blockedosy66)+ v,+>ryy{m)LL O$g G h (&xuMH#+Kaz!\/JKHK ML M!$(J(J J !22yDU7U UU'--/ //!5(:5AACuL LL%%'#**,(!L&%%'#**,(sZ-DC42C46AD"C94D9 DDD;D+*D;+ D74D;6D77D;cttdstjd|dz }|dz }|dz }|j |dz }ddd }t |||j tj ||d z t||d }|jrJ|d z dz jdk(sJtd|DsJy)a' If there is a pre-existing symlink below the extraction root that points outside the root, writing through that symlink should not be allowed to escape the root. This test documents the desired hardening to defend against this class of attacks. symlinkz'Symlinks not supported on this platformzzip_slip_symlink.zipr! outside_dirzevil.txtr4r5)r6zdir_link/evil.txtdir_linkFrr,r>c3<K|]}t|tywr$r%r's rr*z]TestSecureUnzip.test_entries_resolved_outside_root_are_blocked_via_symlink..A1:a.Ar+N) hasattrrKpytestskipmkdirrrRrrAr/r.)r0rrrrSrBrr1s r:test_entries_resolved_outside_root_are_blocked_via_symlinkzJTestSecureUnzip.test_entries_resolved_outside_root_are_blocked_via_symlinksr9% KKA B44)+ . $z1"!(  (G$ ; z 9:"8\5I"((***u$z1==?5HHHAAAAArc|dz }|jd|dz }t||d}td|DsJ|jrt|j rJyy)z A corrupt or non-zip file should cause _unzip_iter to yield an ErrorMessage instead of raising an unhandled exception. z not_a_zip.txtsthis is not a zip archiver!Frc3<K|]}t|tywr$r%r's rr*zGTestSecureUnzip.test_bad_zipfile_yields_errormessage..rVr+N) write_bytesrr.rAiterdir)r0rrrr1s r$test_bad_zipfile_yields_errormessagez4TestSecureUnzip.test_bad_zipfile_yields_errormessagesv o-9:)+ "8\5IAAAAA    <//12 222 !rc|dz }|dz }ddi}t||t||d|j}d|jvsJy) z When verbose=True, _unzip_iter should write a status line to stdout. This checks that existing user-visible behaviour is preserved. z verbose.zipr!r"sdataTr UnzippingN)rr readouterrout)r0capsysrrrrcaptureds r(test_unzip_iter_verbose_writes_to_stdoutz8TestSecureUnzip.test_unzip_iter_verbose_writes_to_stdoutsX m+)+ !7+(G$,=$$&hll***r)__name__ __module__ __qualname____doc__rr2rErXmarkskipifsysplatform startswithrPr[r`rgrrrrs XX$X,,I,I ,I\ [[ &C/$/SW/ /b$B$B $BL3T3d3$ + +RV +rr)F)rKrnr pathlibrrXnltk.downloaderrrdictrbytesrboolrrrqrrrwsd  5**S%Z(8*T*PdP$PPM+M+r