ث ‏\j<مَ²—ddlZddlZddlZddlmZddlmZddlZddlm Z m Z mZdedee efddfd„Zdd ed edefd„Zd „ZGd„d«ZGd„d«Zy)éN)عPath)عpatch)عErrorMessageع_unzip_iterع_validate_memberع file_pathعmembersعreturncَ°—tj|d«5}|j«D]\}}|j||«Œ ddd«y#1swYyxYw)zR Create a ZIP file at file_path, with the given arcname->content mapping. عwN)عzipfileعZipFileعitemsعwritestr)rr عzfعarcnameعcontents ْN/root/env/lib/python3.12/site-packages/nltk/test/unit/test_downloader_unzip.pyع _make_ziprsQ€ô ڈ‰ک Cس (ً*¨Bط '§ ، £ٍ *رˆGگWطڈK‰Kک ص)ٌ *÷*÷*ٌ*ْs—+AءAعzip_pathعextract_rootعverbosecَT—ttt|«t|«|¬««S)zj Convenience wrapper that runs _unzip_iter and returns the list of yielded messages (if any). ©r)عlistrعstr)rrrs rع_run_unzip_iterrs!€ô ”œC ›M¬3¨|س+<ہgشNسOذOَcَب—|Dڈcgc]}t|t«sŒ|‘Œ}}|s Jd|›‌«‚djd„|D««}|D]}||vrŒJd|›d|›‌«‚|Scc}w)z{Assert that *messages* contain at least one ``ErrorMessage`` whose text includes every string in *expected_substrings*.z$Expected ErrorMessage(s) containing ْ c3َFK—|]}t|j«–—Œyw©N)rعmessage©ع.0عms rْ z"_assert_blocked.."sèّ€ز9¨1œکAںI™Iںر9ùs‚!z Expected z in error output: )ع isinstancerعjoin)عmessagesعexpected_substringsr&عerr_msgsعcombinedعss rع_assert_blockedr/s†€ً$ضCگa¤z°!´\ص'B’ذC€HذCظذSذ;ذ.Bsèّ€زE°q”z !¤\×2رEùَ‚عpkgzfile.txtعsubdirz other.txtN)rrعanyع read_bytes)عselfr2rrr r*s rع(test_normal_relative_paths_are_extractedz8TestSecureUnzip.test_normal_relative_paths_are_extracted2sœ€ً کjر(ˆط )ر+ˆً%ط$,ٌ ˆô گ(کGش$ن" 8¨\ہ5شIˆنرE¸HشEشEذEذEàکuر$ zر1×=ر=س?ہ8زKذKذKطکuر$ xر/°+ر=×IرIسKبxزWذWرWrcًَ—|dz}|dz}|dzdzj«}dddœ}t||«t||d¬ «}t|d d«|j «rJ‚|dzd zj «rJ‚y)aD An entry containing ``..`` that would escape the target directory must not be written outside the extraction root, and must cause _unzip_iter to yield an ErrorMessage. The entire archive is rejected: even safe entries must NOT be extracted when any member fails validation. zzip_slip_parent.zipr4z..zoutside.txtَokَevil)ْpkg/good.txtz../outside.txtFrْZip Slipعblockedr9ْgood.txtN)عresolverrr/عexists)r=r2rrعoutside_targetr r*s rع8test_zip_slip_with_parent_directory_component_is_blockedzHTestSecureUnzip.test_zip_slip_with_parent_directory_component_is_blockedGs™€ًذ3ر3ˆط )ر+ˆà&¨ر-° ر=×FرFسHˆً"ط%ٌ ˆô گ(کGش$ن" 8¨\ہ5شIˆنک *¨iش8ط!×(ر(ش*ذ*ذ*ً! 5ر(¨:ر5×=ر=ش?ذ?ذ?ذ?rعwinْ2Absolute POSIX paths are not meaningful on Windows©عreasoncًَ—|dz}|dz}td«dtj«›‌z} ddt|«di}t ||«t||d¬ «}t |d d«|j«rJ‚|dzd zj«rJ‚ |j«r |j«yy#t$rYywxYw#|j«r! |j«w#t$rYwwxYwwxYw)a An entry with an absolute POSIX path (e.g. ``/tmp/evil``) must not be extracted as-is; it should not overwrite arbitrary filesystem paths, and should result in an ErrorMessage. The entire archive is rejected when any member fails validation. zzip_slip_abs_posix.zipr4ْ/tmpعnltk_zip_slip_test_rBr@rAFrrCrDr9rEN) rعosعgetpidrrrr/rGعunlinkعOSError)r=r2rrعabsolute_targetr r*s rع1test_zip_slip_with_absolute_posix_path_is_blockedzATestSecureUnzip.test_zip_slip_with_absolute_posix_path_is_blockedes€ًذ6ر6ˆط )ر+ˆنکv›,ذ+>¼r؟y¹y»{¸mذ)LرLˆً à ـگOس$ gًˆGô گh ش(ن& x°ہuشMˆHنکH j°)ش<à&×-ر-ش/ذ/ذ/ً% uر,¨zر9×AرAشCذCذCذCà×%ر%ش'ًط#×*ر*ص,ً(ّôٍظًûً×%ر%ش'ًط#×*ر*ص,ّـٍظًًْ(ْsB¯A Cآ!B3آ3 B?آ>B?أC5أC%أ$C5أ% C1أ.C5أ0C1أ1C5cَق—ttd«stjd«|dz}|dz}|dz}|j «|dz}ddd œ}t||«|j « tj||d z«t||d¬ «}|j«rJ‚t|dd«|dzdzj«rJ‚y#t$rtjd«YŒfwxYw)a If there is a pre-existing symlink below the extraction root that points outside the root, writing through that symlink should not be allowed to escape the root. The entire archive is rejected when any member fails validation. عsymlinkz'Symlinks not supported on this platformzzip_slip_symlink.zipr4عoutside_dirzevil.txtr@rA)rBzdir_link/evil.txtعdir_linkz/Symlink creation not permitted on this platformFrzSymlink escaperDr9rEN)عhasattrrQعpytestعskipعmkdirrrXrTrrGr/)r=r2rrrYrHr r*s rع:test_entries_resolved_outside_root_are_blocked_via_symlinkzJTestSecureUnzip.test_entries_resolved_outside_root_are_blocked_via_symlinkŒs€ô”rک9ش%ـڈK‰KذAشBàذ4ر4ˆط )ر+ˆط ر.ˆط×رشط$ zر1ˆً"ط!(ٌ ˆô گ(کGش$à×رشً KـڈJ‰Jگ{ L°:ر$=ش>ô# 8¨\ہ5شIˆà!×(ر(ش*ذ*ذ*ـکذ"2°Iش>ً! 5ر(¨:ر5×=ر=ش?ذ?ذ?ذ?ّôٍ KـڈK‰KذIضJً Kْsء,CأC,أ+C,cَض—|dz}|jd«|dz}t||d¬«}td„|D««sJ‚|j«rt|j ««rJ‚yy)zگ A corrupt or non-zip file should cause _unzip_iter to yield an ErrorMessage instead of raising an unhandled exception. z not_a_zip.txtsthis is not a zip archiver4Frc3َ<K—|]}t|t«–—Œywr"r7r$s rr'zGTestSecureUnzip.test_bad_zipfile_yields_errormessage..¾sèّ€زA°1”:کa¤×.رAùr8N)عwrite_bytesrr;rGعiterdir©r=r2rrr*s rع$test_bad_zipfile_yields_errormessagez4TestSecureUnzip.test_bad_zipfile_yields_errormessage³st€ً کoر-ˆط×رذ9ش:ط )ر+ˆن" 8¨\ہ5شIˆنرA¸شAشAذAذAà×رش ـک<×/ر/س1ش2ذ2ذ2ذ2ً!rcَH—|dz}|dz}t|dddœ«ddg}td|¬ «5td «5}t||d¬«}d d d «d d d «tdd«j «|dzdzj«rJ‚y #1swYŒGxYw#1swYŒKxYw)aµ A member name containing a null byte must be rejected. Null bytes can cause path truncation on some platforms, so they are never legitimate in archive entry names. The entire archive is rejected when any member fails validation. Note: CPython's zipfile module truncates names at null bytes on read, so we patch ``namelist()`` to simulate a library that preserves them. z null_byte.zipr4r@rA)rBzpkg/evil.txtrBْ pkg/evil.txtْ(nltk.downloader.zipfile.ZipFile.namelist)عreturn_valueْ'nltk.downloader.zipfile.ZipFile.extractFrNْ Null byterDr9rE)rrrr/عassert_not_calledrG)r=r2rrعpoisoned_namesعmock_extractr*s rع(test_null_byte_in_member_name_is_blockedz8TestSecureUnzip.test_null_byte_in_member_name_is_blockedأsث€ًکoر-ˆط )ر+ˆنگ(¨UہGرLشMà(ذ*<ذ=ˆن ط6ط'ô ٌ Nôط5َ ً Nً ـ& x°ہuشMˆH÷ N÷ Nô ک +¨yش9ط×&ر&ش(à 5ر(¨:ر5×=ر=ش?ذ?ذ?ذ?÷ Nً Nْ÷ Nً Nْs"«B·BءBآB آBآB!cَD—|dz}|dz}td«dtj«›‌z} ddddt|«d d di}t ||«t||d¬ «}t |d«}t|«dk\sJd«‚|j«rJ‚|j«rt|j««rJ‚|j«r |j«yy#t$rYywxYw#|j«r! |j«w#t$rYwwxYwwxYw)a An archive that combines several different violation types (path traversal and absolute path) must report every violation and extract nothing. This verifies that the validation scan does not short-circuit after the first bad entry. zmulti_violation.zipr4rOعnltk_multi_viol_test_z data/a.txtsaaaz../traversal.txtsevil1sevil2z data/b.txtsbbbFrrCéz#Expected at least two ErrorMessagesN) rrQrRrrrr/عlenrGr;rcrSrT)r=r2rrrUr r*r,s rع@test_multiple_violation_types_all_reported_and_nothing_extractedzPTestSecureUnzip.test_multiple_violation_types_all_reported_and_nothing_extractedمs:€ًذ3ر3ˆط )ر+ˆنکv›,ذ+@ؤاءأہ ذ)NرNˆً àکfط" HـگOس$ hطکfً ˆGô گh ش(ن& x°ہuشMˆHن& x°س<ˆHـگx“= Aز%ذLذ'LسLذ%à&×-ر-ش/ذ/ذ/à×"ر"ش$ـک|×3ر3س5ش6ذ6ذ6à×%ر%ش'ًط#×*ر*ص,ً(ّôٍظًûً×%ر%ش'ًط#×*ر*ص,ّـٍظًًْ(ْsB¯BC,أCأ C)أ(C)أ,Dأ>DؤDؤ DؤDؤDؤDcَ4—|dz}|dz}|dz}t|ddi«|j«|jd«tdt d«¬ «5t||d ¬«}ddd«t d «|j«dk(sJ‚y#1swYŒ+xYw)z{ If extraction fails mid-stream, pre-existing content under the extraction root must be preserved. zextract_error.zipr4zalready_there.txtr5َdataskeep-merjzsimulated extraction failure©عside_effectFrNzExtraction error)rr^rbrrTrr/r<)r=r2rrع existing_filer*s rع>test_extraction_error_does_not_delete_preexisting_root_contentzNTestSecureUnzip.test_extraction_error_does_not_delete_preexisting_root_contents®€ًذ1ر1ˆط )ر+ˆط$ذ':ر:ˆ نگ(ک^¨Wذ5ش6ط×رشط×!ر! *ش-ن ط5ـذ >س?ô ٌ Nô' x°ہuشMˆH÷ Nô کذ"4ش5à×'ر'س)¨Zز7ذ7ر7÷ Nً NْsءBآBcَ—|dz}|dz}t|ddi«tdtd«¬«5t||d¬ «}d d d «t d«|j«rt |j««rJ‚y y #1swYŒBxYw)z، If ``zf.namelist()`` itself raises (e.g. corrupted central directory), an ErrorMessage must be yielded and the zip file must be closed. znamelist_bomb.zipr4r5rvrhzcorrupted central directoryrwFrN)rrعRuntimeErrorrr/rGr;rcrds rع(test_namelist_raises_yields_errormessagez8TestSecureUnzip.test_namelist_raises_yields_errormessage's‌€ً ذ1ر1ˆط )ر+ˆنگ(ک^¨Wذ5ش6ن ط6ـ$ذ%BسCô ٌ Nô' x°ہuشMˆH÷ Nô کذ"?ش@à×رش ـک<×/ر/س1ش2ذ2ذ2ذ2ً!÷ Nً Nْs¯A?ء?Bcَ”—|dz}|dz}ddi}t||«t||d¬«|j«}d|jvsJ‚y) z‌ When verbose=True, _unzip_iter should write a status line to stdout. This checks that existing user-visible behaviour is preserved. zverbose.zipr4r5rvTrع UnzippingN)rrع readouterrعout)r=عcapsysr2rrr عcaptureds rع(test_unzip_iter_verbose_writes_to_stdoutz8TestSecureUnzip.test_unzip_iter_verbose_writes_to_stdout<sX€ً کmر+ˆط )ر+ˆà! 7ذ+ˆـگ(کGش$نک ,¸ص=ط×$ر$س&ˆطکhںl™lر*ذ*ر*rcَذ—|dz}|jd«|dz}t||d¬«|j«}d|jvsJ‚|jj d«sJ‚y) z¶ When verbose=True and the file is not a valid zip, the output line must still be terminated with a newline so the terminal is left in a clean state. zcorrupt.txts not a zipr4Trrْ N)rbrr€rپعendswith)r=r‚r2rrrƒs rع"test_verbose_output_on_corrupt_zipz2TestSecureUnzip.test_verbose_output_on_corrupt_zipKsj€ًکmر+ˆط×رک\ش*ط )ر+ˆنک ,¸ص=ط×$ر$س&ˆطکhںl™lر*ذ*ذ*طڈ|‰|×$ر$ Tش*ذ*ر*r)ع__name__ع __module__ع__qualname__ع__doc__rr>rIr\عmarkعskipifعsysعplatformع startswithrVr_rerortrzr}r„rˆ©rrr1r1(sb„ًٌXہًXب$َXً*@طً@à َ@ً<‡[پ[×رطڈ‰×ر س&طCًًَ!ب$ً!ذSWٍ!َ ً!ًF%@طً%@à َ%@ًN3¸Tً3ہdَ3ً @ہً@ب$َ@ً@‡[پ[×رطڈ‰×ر س&طCًًَ%طً%à ٍ%َ ً%ًN8طً8à َ8ً23ہً3ب$َ3ً* +بً +ذRVَ +ً +ہ4ً +بDô +rr1cَ&—eZdZdZd„Zd„Zd„Zd„Zejjejjd«d¬«d „«Zejjejjd«d ¬«d„«Zd„Zd „Zy)عTestValidateMemberzADirect unit tests for ``_validate_member`` path validation logic.cَ<—t|dz«}td|«پJ‚y)Nعrootr5©rr)r=r2r–s rعtest_safe_relative_path_passesz1TestValidateMember.test_safe_relative_path_passes^s$€ـگ8کfر$س%ˆـ °س5ذ=ذ=ر=rcَH—t|dz«}td|«}|پd|vsJ‚y)Nr–ْ../evil.txtrCr—©r=r2r–عresults rعtest_parent_traversal_blockedz0TestValidateMember.test_parent_traversal_blockedbs3€ـگ8کfر$س%ˆـ! -°س6ˆطذ! j°Fر&:ذ:ذ:ذ&:rcَH—t|dz«}td|«}|پd|vsJ‚y)Nr–za/b/c/../../../../evil.txtrCr—r›s rع$test_deeply_nested_traversal_blockedz7TestValidateMember.test_deeply_nested_traversal_blockedgs4€ـگ8کfر$س%ˆـ!ذ">ہسEˆطذ! j°Fر&:ذ:ذ:ذ&:rcَH—t|dz«}td|«}|پd|vsJ‚y)Nr–rgrkr—r›s rعtest_null_byte_blockedz)TestValidateMember.test_null_byte_blockedls4€ـگ8کfر$س%ˆـ!ذ"4°dس;ˆطذ! k°Vر&;ذ;ذ;ذ&;rrJrKrLcَH—t|dz«}td|«}|پd|vsJ‚y)Nr–z/etc/passwdrCr—r›s rع test_absolute_posix_path_blockedz3TestValidateMember.test_absolute_posix_path_blockedqs5€ô گ8کfر$س%ˆـ! -°س6ˆطذ! j°Fر&:ذ:ذ:ذ&:rz1Drive-letter paths are only meaningful on WindowscَH—t|dz«}td|«}|پd|vsJ‚y)Nr–zC:\Windows\evil.txtrCr—r›s rع!test_windows_drive_letter_blockedz4TestValidateMember.test_windows_drive_letter_blockedzs6€ô گ8کfر$س%ˆـ!ذ"9¸4س@ˆطذ! j°Fر&:ذ:ذ:ذ&:rcَگ—t|dz«}td|«}tjj d«r |پd|vsJ‚y|پJ‚y)z¹On Windows, backslash is a path separator so ``..\evil.txt`` is a traversal attack. On POSIX, backslash is a literal filename character and the member name is harmless.r–z..\evil.txtrJNrC)rrrڈrگr‘r›s rعtest_backslash_traversalz+TestValidateMember.test_backslash_traversalƒsQ€ôگ8کfر$س%ˆـ! .°$س7ˆـڈ<‰<×"ر" 5ش)طذ%¨*¸ر*>ذ>ذ>ذ*>àگ>ذ!‘>rcَê‡—t|dz«}tjjٹˆfd„}t d|¬«5td|«پJ‚td|«}|پd|vsJ‚ ddd«y#1swYyxYw) z‚Simulate case-folding normcase (as on Windows) to verify that _validate_member applies it to both target and prefix paths.عRootcَ0•—‰|«j«Sr")عlower)عpعoriginal_normcases €rعcase_folding_normcasez^TestValidateMember.test_normcase_is_applied_to_path_comparisons..case_folding_normcase”sّ€ظ$ Qس'×-ر-س/ذ/rz nltk.downloader.os.path.normcaserwr5NrڑrC)rrQعpathعnormcaserr)r=r2r–r®rœrs @rع,test_normcase_is_applied_to_path_comparisonsz?TestValidateMember.test_normcase_is_applied_to_path_comparisonsژs…ّ€ôگ8کfر$س%ˆـںG™G×,ر,ذô 0ôط.ط-ô ٌ ?ô$ N°Dس9ذAذAذAن% m°Tس:ˆFطذ%¨*¸ر*>ذ>ذ>ذ*>÷ ?÷ ?ٌ ?ْs¼#A)ء)A2N)r‰rٹr‹rŒrکr‌rںr،r\rچrژrڈrگr‘r£r¥r§r±r’rrr”r”[s „ظKٍ>ٍ;ٍ ;ٍ <ً ‡[پ[×رطڈ‰×ر س&طCًٌَ;َ ً;ً ‡[پ[×رطڈL‰L×#ر# Eس*ذ*طBًٌَ;َ ً;ٍ "َ?rr”)F)rQrڈr عpathlibrع unittest.mockrr\عnltk.downloaderrrrعdictrعbytesrعboolrr/r1r”r’rrْr¸s|ًغ غ غففم çGرGً*کً*¨¨S°%¨Zر(8ً*¸Tَ*ٌPکdًP°$ًPہَPٍ÷p+ٌp+÷f C?ٍC?r