Improve zipfile: add support for symlinks #82102

Open
zaphodef mannequin opened this issue Aug 22, 2019 · 5 comments
Labels
stdlib Python modules in the Lib dir type-feature A feature request or enhancement

Comments


zaphodef mannequin commented Aug 22, 2019

BPO 37921
Nosy @serhiy-storchaka, @zaphodef
PRs
  • bpo-37921: Better handle symlinks in the zipfile module #15401

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:

    assignee = None
    closed_at = None
    created_at = <Date 2019-08-22.21:14:36.379>
    labels = ['type-feature', 'library', '3.9']
    title = 'Improve zipfile: add support for symlinks'
    updated_at = <Date 2021-09-25.17:47:38.187>
    user = 'https://github.com/zaphodef'

    bugs.python.org fields:

    activity = <Date 2021-09-25.17:47:38.187>
    actor = 'serhiy.storchaka'
    assignee = 'none'
    closed = False
    closed_date = None
    closer = None
    components = ['Library (Lib)']
    creation = <Date 2019-08-22.21:14:36.379>
    creator = 'zaphodef'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 37921
    keywords = ['patch']
    message_count = 4.0
    messages = ['350231', '352932', '362217', '402638']
    nosy_count = 3.0
    nosy_names = ['serhiy.storchaka', 'Henning.von.Bargen', 'zaphodef']
    pr_nums = ['15401']
    priority = 'normal'
    resolution = None
    stage = 'patch review'
    status = 'open'
    superseder = None
    type = 'enhancement'
    url = 'https://bugs.python.org/issue37921'
    versions = ['Python 3.9']


    zaphodef mannequin commented Aug 22, 2019

    The module tarfile contains some methods for knowing whether an archive member is a regular file/a directory/a symlink. Apart from an "is_dir()" method, there was nothing alike in the zipfile module. For an on-going project, I needed to know whether an archive member was a symlink or not, to prevent zip symlink attacks.

    I thought this could be of use for other people, given I struggled a little to find a way of saying if an archive member is a symlink or not.

    This is why I think adding support for symlinks in the zipfile module could be a good idea.

    @zaphodef zaphodef mannequin added 3.9 only security fixes stdlib Python modules in the Lib dir type-feature A feature request or enhancement labels Aug 22, 2019

    zaphodef mannequin commented Sep 21, 2019

    The PR went through review and has been awaiting core review for almost a month, anyone to have a look at it? :)


    HenningvonBargen mannequin commented Feb 18, 2020

    If I understand correctly,
    this bug is about supporting symlinks on *creating* ZIP files.

    Please see also https://bugs.python.org/issue27318 for a proposal to support symlinks while *unpacking* ZIP files.

    Maybe a preserve_symlinks optional argument should be added to the extract and extractall method as well (the same argument name is used in distutils.dir_util.copy_tree).

    Anyway, I think symlink support should be added for packing *and* unpacking or not at all.

    @serhiy-storchaka
    Member

    Adding support of symlinks in ZIP files will make the zipfile module vulnerable to symlink attacks like with TAR files (see https://en.wikipedia.org/wiki/Tar_(computing)#Duplicates). Until we find a solution to this, adding support of symlinks is dangerous.

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    @gpshead gpshead removed the 3.9 only security fixes label Sep 25, 2022

    gpshead commented Sep 25, 2022

    If symlink support is ever added to zipfile, it needs to be off by default for both zipfile creation and zipfile extraction.

    Getting extraction correct without security problems in the presence of symbolic links is extremely difficult. Even if you think you've done it...

    For example, see #88189 (comment)
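The two sides of this thread, the tarfile-style "is this member a symlink?" check the opener asked for and the "off by default, vet before you write" stance in the last comment, can be illustrated together. The block below is an added example written for this page; it is not code from the issue, from PR #15401 or from CPython's zipfile module. It relies on the Info-ZIP convention that a Unix archiver stores st_mode in the upper 16 bits of `ZipInfo.external_attr` and the link target as the member's data; the function names (`is_symlink`, `member_kinds`, `unsafe_members`, `safe_extract`), the `UnsafeMember` exception and the sample archive built by `build_archive` are constructed for the example. Rather than recreating symlinks, the extractor refuses symlink members outright and checks every member's resolved path against the real destination before anything is written, since a symlink created by an earlier member (or already present under the destination) can redirect a later write outside the tree.

```python
import io
import os
import stat
import zipfile

# Info-ZIP convention: archives written on a Unix host (create_system == 3)
# keep the member's st_mode in the upper 16 bits of external_attr, and a
# symlink member's data is the link target path rather than file contents.
UNIX_HOST = 3


def unix_mode(info: zipfile.ZipInfo) -> int:
    """Unix mode bits stored for a member (0 when the archive carries none)."""
    return (info.external_attr >> 16) & 0xFFFF


def is_symlink(info: zipfile.ZipInfo) -> bool:
    """tarfile-style issym() for a ZipInfo: S_IFLNK set in the stored mode.

    The host field is deliberately not consulted: a member that claims to be
    a symlink is treated as one regardless of which tool wrote the archive.
    """
    return stat.S_ISLNK(unix_mode(info))


def member_kinds(archive: bytes) -> dict:
    """Classify every member as 'dir', 'symlink' or 'file'."""
    kinds = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                kinds[info.filename] = "dir"
            elif is_symlink(info):
                kinds[info.filename] = "symlink"
            else:
                kinds[info.filename] = "file"
    return kinds


def build_archive(with_symlink: bool) -> bytes:
    """Constructed sample archive: a directory, a file and optionally a symlink."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/", "")
        zf.writestr("docs/readme.txt", "hello\n")
        if with_symlink:
            link = zipfile.ZipInfo("docs/link")
            link.create_system = UNIX_HOST
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "../outside")  # link target stored as member data
    return buf.getvalue()


class UnsafeMember(ValueError):
    """Raised when an archive contains a member that must not be extracted."""


def unsafe_members(archive: bytes, dest: str) -> list:
    """Reasons why members of the archive must not be written under dest."""
    real_dest = os.path.realpath(dest)
    problems = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if is_symlink(info):
                problems.append(f"{info.filename}: symlink member")
                continue
            target = os.path.realpath(os.path.join(real_dest, info.filename))
            # realpath follows symlinks already present under dest, so a write
            # that would be redirected out of the tree is caught as well.
            if os.path.commonpath([real_dest, target]) != real_dest:
                problems.append(f"{info.filename}: escapes destination")
    return problems


def safe_extract(archive: bytes, dest: str) -> list:
    """Extract only after the whole member list has been vetted; returns names written."""
    problems = unsafe_members(archive, dest)
    if problems:
        raise UnsafeMember("; ".join(problems))
    real_dest = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = os.path.join(real_dest, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            written.append(info.filename)
    return written


if __name__ == "__main__":
    import tempfile

    print(member_kinds(build_archive(with_symlink=True)))
    with tempfile.TemporaryDirectory() as scratch:
        print(safe_extract(build_archive(with_symlink=False), scratch))
        try:
            safe_extract(build_archive(with_symlink=True), scratch)
        except UnsafeMember as exc:
            print("refused:", exc)
```

Vetting the whole member list before the first write matters: an extractor that checks each entry as it goes has already created earlier members by the time it meets a bad one, and if one of those was a symlink the later path checks are no longer checking what they appear to check.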
