HEX
Server: LiteSpeed
System: Linux cpir1.prohostdns.com 4.18.0-553.123.2.lve.el8.x86_64 #1 SMP Thu May 7 23:17:13 UTC 2026 x86_64
User: pelakir (2976)
PHP: 8.2.31
Disabled: exec, shell_exec, system, passthru, proc_open, proc_close, proc_terminate, proc_get_status, popen, pclose, pcntl_exec
Upload Files
File: //opt/imunify360/venv/lib64/python3.11/site-packages/defence360agent/utils/zipsafe.py
import zipfile
from pathlib import Path


def safe_extractall(zf: zipfile.ZipFile, dest: Path) -> None:
    dest_resolved = Path(dest).resolve()
    for member in zf.namelist():
        if member.startswith(("/", "\\")):
            raise ValueError("Unsafe absolute zip member path: %r" % (member,))
        parts = Path(member).parts
        if ".." in parts:
            raise ValueError(
                "Unsafe parent-traversal zip member path: %r" % (member,)
            )
        target = (dest_resolved / member).resolve()
        if target != dest_resolved and dest_resolved not in target.parents:
            raise ValueError("Zip member escapes destination: %r" % (member,))
    zf.extractall(dest_resolved)