-
Notifications
You must be signed in to change notification settings - Fork 17.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal: archive/zip: add ability to read local file header #40354
Comments
CC @dsnet |
The duplication of information in ZIP combined with the lack of implementations that verify that the two are consistent has resulted in a large number of ZIP files that have inconsistent local vs central header information. I believe that the de facto state of most implementations is to treat the central header as authoritative anytime they differ. I don't see a way to provide this feature without a potentially significant change to the API. While I understand the desire for being able to verify ZIP file integrity for security purposes, I'm not sure it's a compelling enough use-case to warrant this additional API. Let's say that we verify consistency of (centrally known) local headers with the central headers, there are still weird corner cases that people can theoretically exploit for malicious purposes. For example, what do you do with local files that do not exist in the central directory? Such a situation still presents a possible security hole. I'm not sure this implementation would want to support such a use case at it would require changing the ZIP decoder from being random-access, to be streaming based. |
Just to be absolutely clear, I'm not suggesting that the
As of now, I believe it's impossible to even detect this state with the current implementation. However the proposed API (providing access to the local header of a |
I would also appreciate if My use case is reading zip files produced by httrack, it writes custom metadata in Currently |
Yeah 👍 on this, had to end up re-implementing for szip |
In a zip archive, file information is stored in two locations: the central directory header, and a local file header located prior to the file's data. In certain circumstances, a user might want to read information from the local file header as opposed to solely the central directory header. The current implementation relies solely on the central directory header to compute the
FileHeader
struct.Instances in which a user might want to have access to the local header include:
.txt
extension in the central directory header, but with.exe
in the local file header)Currently, if a user wanted to read the local file header, they would need to implement their own zip reader, as no export would allow them the raw access to the underlying reader necessary to read the local file header.
Ideally, the solution would not introduce additional unnecessary reads for users who don't care about the local file header. One potential solution would be the addition of the following function:
This would allow users to explicitly request a read of the local file header for a given
zip.File
.The text was updated successfully, but these errors were encountered: