luciano/markitdown
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
265 commits 7 branches 14 tags 21 MiB
Commit graph

4 commits

Author SHA1 Message Date
Sugato Ray
6f3c762526
Merge branch 'main' into update_commandline_help 2024-12-18 17:50:07 -05:00
Sugato Ray
1384e80725 update .gitignore to exclude .vscode folder 2024-12-18 21:46:06 +00:00
Joel Esler
6e4caac70d Safeguard against path traversal for ZipConverter 
fix: prevent path traversal vulnerabilities in ZipConverter

Added a secure check for path traversal vulnerabilities in the ZipConverter class.
Now validates extracted file paths using `os.path.commonprefix` to ensure all files
remain within the intended extraction directory. Raises a `ValueError` if a
path traversal attempt is detected.

- Normalized file paths using `os.path.normpath`.
- Added specific exception handling for `zipfile.BadZipFile` and traversal errors.
- Ensured cleanup of extracted files after processing when `cleanup_extracted` is enabled.
 2024-12-18 13:12:55 -05:00
microsoft-github-operations[bot]
f454a6d3c8
Initial commit 2024-11-13 19:56:40 +00:00