Skip to content
Permalink
Browse files Browse the repository at this point in the history
  • Loading branch information
stevenbird committed Aug 20, 2019
1 parent 2554ff4 commit f59d7ed
Showing 1 changed file with 1 addition and 35 deletions.
36 changes: 1 addition & 35 deletions nltk/downloader.py
Expand Up @@ -2260,42 +2260,8 @@ def _unzip_iter(filename, root, verbose=True):
yield ErrorMessage(filename, e)
return

# Get lists of directories & files
namelist = zf.namelist()
dirlist = set()
for x in namelist:
if x.endswith('/'):
dirlist.add(x)
else:
dirlist.add(x.rsplit('/', 1)[0] + '/')
filelist = [x for x in namelist if not x.endswith('/')]

# Create the target directory if it doesn't exist
if not os.path.exists(root):
os.mkdir(root)

# Create the directory structure
for dirname in sorted(dirlist):
pieces = dirname[:-1].split('/')
for i in range(len(pieces)):
dirpath = os.path.join(root, *pieces[: i + 1])
if not os.path.exists(dirpath):
os.mkdir(dirpath)

# Extract files.
for i, filename in enumerate(filelist):
filepath = os.path.join(root, *filename.split('/'))

try:
with open(filepath, 'wb') as dstfile, zf.open(filename) as srcfile:
shutil.copyfileobj(srcfile, dstfile)
except Exception as e:
yield ErrorMessage(filename, e)
return
zf.extractall(root)

if verbose and (i * 10 / len(filelist) > (i - 1) * 10 / len(filelist)):
sys.stdout.write('.')
sys.stdout.flush()
if verbose:
print()

Expand Down

1 comment on commit f59d7ed

@greysteil
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this @stevenbird, and for all your work on nltk.

Have you got 5 minutes to talk me through the process you went through fixing this, and any way GitHub can help? I'm on GitHub's security team and am working to make it easier for maintainers to alert users of security vulnerabilities.

Currently we have the security alert emails (which we're working to improve) and Security Advisories (the security tab on this repo). In future we're planning to make it easy for maintainers to apply for CVEs through GitHub (via creating Security Advisories).

Was there any part of the flow of finding, fixing, and alerting users of this vulnerability that GitHub could have helped with? Or anything we're doing now that you'd like us to do differently?

Any feedback very much appreciated. I'm on greysteil@github.com if you'd rather email it privately.

Thanks for all your do, and please don't hesitate to reach out if there's ever any way GitHub can help.

Please sign in to comment.