markitdown

luciano/markitdown

Fork 0

Commit graph

Author	SHA1	Message	Date
Joel Esler	6e4caac70d	Safeguard against path traversal for ZipConverter fix: prevent path traversal vulnerabilities in ZipConverter Added a secure check for path traversal vulnerabilities in the ZipConverter class. Now validates extracted file paths using `os.path.commonprefix` to ensure all files remain within the intended extraction directory. Raises a `ValueError` if a path traversal attempt is detected. - Normalized file paths using `os.path.normpath`. - Added specific exception handling for `zipfile.BadZipFile` and traversal errors. - Ensured cleanup of extracted files after processing when `cleanup_extracted` is enabled.	2024-12-18 13:12:55 -05:00
microsoft-github-operations[bot]	f454a6d3c8	Initial commit	2024-11-13 19:56:40 +00:00

Author

SHA1

Message

Date

Joel Esler

6e4caac70d

Safeguard against path traversal for ZipConverter

fix: prevent path traversal vulnerabilities in ZipConverter

Added a secure check for path traversal vulnerabilities in the ZipConverter class.
Now validates extracted file paths using `os.path.commonprefix` to ensure all files
remain within the intended extraction directory. Raises a `ValueError` if a
path traversal attempt is detected.

- Normalized file paths using `os.path.normpath`.
- Added specific exception handling for `zipfile.BadZipFile` and traversal errors.
- Ensured cleanup of extracted files after processing when `cleanup_extracted` is enabled.

2024-12-18 13:12:55 -05:00

microsoft-github-operations[bot]

f454a6d3c8

Initial commit

2024-11-13 19:56:40 +00:00

2 commits