Preserve the current behavior whether it is possible.

Author: serhiy-storchaka

Lib/shutil.py

@@ -1315,6 +1315,7 @@ def _unpack_zipfile(filename, extract_dir):
         raise ReadError("%s is not a zip file" % filename)
 
     with zipfile.ZipFile(filename) as zip:
+        zip._ignore_invalid_names = True
         zip.extractall(extract_dir)
 
 def _unpack_tarfile(filename, extract_dir, *, filter=None):

Lib/test/test_shutil.py

@@ -2173,12 +2173,13 @@ def test_unpack_archive_zip_badpaths(self):
         with zipfile.ZipFile(zipname, 'w') as zf:
             zf.writestr(abspath, 'badfile')
             zf.writestr(os.sep + abspath, 'badfile')
-            zf.writestr('/abspath2', 'badfile')
-            if os.name == 'nt':
-                zf.writestr('C:/abspath3', 'badfile')
-                zf.writestr('C:\\abspath4', 'badfile')
-                zf.writestr('C:abspath5', 'badfile')
-                zf.writestr('C:/C:/abspath6', 'badfile')
+            zf.writestr('/abspath', 'badfile')
+            zf.writestr('C:/abspath', 'badfile')
+            zf.writestr('D:\\abspath', 'badfile')
+            zf.writestr('E:abspath', 'badfile')
+            zf.writestr('F:/G:/abspath', 'badfile')
+            zf.writestr('//server/share/abspath', 'badfile')
+            zf.writestr('\\\\server2\\share\\abspath', 'badfile')
             zf.writestr('../relpath', 'badfile')
             zf.writestr(os.pardir + os.sep + 'relpath2', 'badfile')
             zf.writestr('good/file', 'goodfile')
@@ -2189,16 +2190,23 @@ def test_unpack_archive_zip_badpaths(self):
         self.assertTrue(os.path.isfile(os.path.join(dstdir, 'good', 'file')))
         self.assertTrue(os.path.isfile(os.path.join(dstdir, 'good..file')))
         self.assertFalse(os.path.exists(abspath))
-        self.assertTrue(os.path.exists(os.path.join(dstdir, 'abspath2')))
-        if os.name == 'nt':
-            self.assertTrue(os.path.exists(os.path.join(dstdir, 'abspath3')))
-            self.assertTrue(os.path.exists(os.path.join(dstdir, 'abspath4')))
-            self.assertTrue(os.path.exists(os.path.join(dstdir, 'abspath5')))
-            self.assertTrue(os.path.exists(os.path.join(dstdir, 'C_', 'abspath6')))
-        self.assertFalse(os.path.exists(os.path.join(dstdir, '..', 'relpath')))
-        self.assertTrue(os.path.exists(os.path.join(dstdir, 'relpath')))
+        self.assertFalse(os.path.exists(os.path.join(dstdir, 'abspath')))
+        self.assertFalse(os.path.exists(os.path.join(dstdir, 'G_')))
+        self.assertFalse(os.path.exists(os.path.join(dstdir, 'server')))
+        self.assertFalse(os.path.exists(os.path.join(dstdir, 'server2')))
+        if os.name != 'nt':
+            self.assertTrue(os.path.isfile(os.path.join(dstdir, 'C:', 'abspath')))
+            self.assertTrue(os.path.isfile(os.path.join(dstdir, 'D:\\abspath')))
+            self.assertTrue(os.path.isfile(os.path.join(dstdir, 'E:abspath')))
+            self.assertTrue(os.path.isfile(os.path.join(dstdir, 'F:', 'G:', 'abspath')))
+            self.assertTrue(os.path.isfile(os.path.join(dstdir, '\\\\server2\\share\\abspath')))
+        if os.pardir == '..':
+            self.assertFalse(os.path.exists(os.path.join(dstdir, '..', 'relpath')))
+            self.assertFalse(os.path.exists(os.path.join(dstdir, 'relpath')))
+        else:
+            self.assertTrue(os.path.isfile(os.path.join(dstdir, '..', 'relpath')))
         self.assertFalse(os.path.exists(os.path.join(dstdir, os.pardir, 'relpath2')))
-        self.assertTrue(os.path.exists(os.path.join(dstdir, 'relpath2')))
+        self.assertFalse(os.path.exists(os.path.join(dstdir, 'relpath2')))
 
         dstdir2 = os.path.join(self.mkdtemp(), 'dst')
         os.mkdir(dstdir2)
@@ -2207,16 +2215,23 @@ def test_unpack_archive_zip_badpaths(self):
             self.assertTrue(os.path.isfile(os.path.join('good', 'file')))
             self.assertTrue(os.path.isfile('good..file'))
             self.assertFalse(os.path.exists(abspath))
-            self.assertTrue(os.path.exists('abspath2'))
-            if os.name == 'nt':
-                self.assertTrue(os.path.exists('abspath3'))
-                self.assertTrue(os.path.exists('abspath4'))
-                self.assertTrue(os.path.exists('abspath5'))
-                self.assertTrue(os.path.exists(os.path.join('c_', 'abspath6')))
-            self.assertFalse(os.path.exists(os.path.join('..', 'relpath')))
-            self.assertTrue(os.path.exists('relpath'))
+            self.assertFalse(os.path.exists('abspath'))
+            self.assertFalse(os.path.exists('C_'))
+            self.assertFalse(os.path.exists('server'))
+            self.assertFalse(os.path.exists('server2'))
+            if os.name != 'nt':
+                self.assertTrue(os.path.isfile(os.path.join('C:', 'abspath')))
+                self.assertTrue(os.path.isfile('D:\\abspath'))
+                self.assertTrue(os.path.isfile('E:abspath'))
+                self.assertTrue(os.path.isfile(os.path.join('F:', 'G:', 'abspath')))
+                self.assertTrue(os.path.isfile('\\\\server2\\share\\abspath'))
+            if os.pardir == '..':
+                self.assertFalse(os.path.exists(os.path.join('..', 'relpath')))
+                self.assertFalse(os.path.exists('relpath'))
+            else:
+                self.assertTrue(os.path.isfile(os.path.join('..', 'relpath')))
             self.assertFalse(os.path.exists(os.path.join(os.pardir, 'relpath2')))
-            self.assertTrue(os.path.exists('relpath2'))
+            self.assertFalse(os.path.exists('relpath2'))
 
     def test_unpack_registry(self):
 

Lib/zipfile/__init__.py

@@ -1410,6 +1410,7 @@ class ZipFile:
 
     fp = None                   # Set here since __del__ checks it
     _windows_illegal_name_trans_table = None
+    _ignore_invalid_names = False
 
     def __init__(self, file, mode="r", compression=ZIP_STORED, allowZip64=True,
                  compresslevel=None, *, strict_timestamps=True, metadata_encoding=None):
@@ -1890,21 +1891,31 @@ def _extract_member(self, member, targetpath, pwd):
 
         # build the destination pathname, replacing
         # forward slashes to platform specific separators.
-        arcname = member.filename.replace('/', os.path.sep)
-
-        if os.path.altsep:
+        arcname = member.filename
+        if os.path.sep != '/':
+            arcname = arcname.replace('/', os.path.sep)
+        if os.path.altsep and os.path.altsep != '/':
             arcname = arcname.replace(os.path.altsep, os.path.sep)
         # interpret absolute pathname as relative, remove drive letter or
         # UNC path, redundant separators, "." and ".." components.
-        arcname = os.path.splitdrive(arcname)[1]
+        drive, root, arcname = os.path.splitroot(arcname)
+        if self._ignore_invalid_names and (drive or root):
+            return None
+        if self._ignore_invalid_names and os.path.pardir in arcname.split(os.path.sep):
+            return None
         invalid_path_parts = ('', os.path.curdir, os.path.pardir)
         arcname = os.path.sep.join(x for x in arcname.split(os.path.sep)
                                    if x not in invalid_path_parts)
         if os.path.sep == '\\':
             # filter illegal characters on Windows
-            arcname = self._sanitize_windows_name(arcname, os.path.sep)
+            arcname2 = self._sanitize_windows_name(arcname, os.path.sep)
+            if self._ignore_invalid_names and arcname2 != arcname:
+                return None
+            arcname = arcname2
 
         if not arcname and not member.is_dir():
+            if self._ignore_invalid_names:
+                return None
             raise ValueError("Empty filename.")
 
         targetpath = os.path.join(targetpath, arcname)