File: //opt/imunify360/venv/lib64/python3.11/site-packages/defence360agent/utils/zipsafe.py
import zipfile
from pathlib import Path
def safe_extractall(zf: zipfile.ZipFile, dest: Path) -> None:
dest_resolved = Path(dest).resolve()
for member in zf.namelist():
if member.startswith(("/", "\\")):
raise ValueError("Unsafe absolute zip member path: %r" % (member,))
parts = Path(member).parts
if ".." in parts:
raise ValueError(
"Unsafe parent-traversal zip member path: %r" % (member,)
)
target = (dest_resolved / member).resolve()
if target != dest_resolved and dest_resolved not in target.parents:
raise ValueError("Zip member escapes destination: %r" % (member,))
zf.extractall(dest_resolved)