discussion: bandit linter showing high severity_score for tarfile library #3841
Comments
Hello, unblob could be used to extract a wide variety of file formats including tar. unblob implemented a
Thank you @ffontaine. Will try it in code and let you know how it works.
A few things:
That said, for PR #3543 I would suggest you just call our existing extractor functions rather than calling tarfile directly. That way, when extractor.py is fixed your code will also be fixed.
@terriko I took your advice and changed the code and committed.
Actually, since we are talking about extractors, I did come across one little thing.
Hey @crazytrain328, I was recently working with extractors. We do have a .tar.xz extractor; it is handled with extract_file_tar() in extractor.py. There is a whole list of file extensions that are supported; you can check out the ones that are useful to your issue.
Hello @mastersans, thanks for letting me know.
I'm gonna close this since it has already been resolved.
In my recent commit to my PR #3543, the bandit linter shows that the tarfile library I used has a high severity_score. However, I went through all the documentation of the repo and also of Python.
I was not able to find any suitable method to extract tarfiles without using the tarfile library.
Even the utility functions that we have in async_utils.py use the tarfile library, as they call the unpack_archive function from shutil.py, which calls tarfile to unpack a tarfile.
Does anyone have any suggestions on how to tackle this problem?
@terriko @anthonyharrison @b31ngd3v @Rexbeast2
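For context on what the linter is concerned with when `tarfile` is used: extracting members whose names or types have not been checked lets an archive write outside the target directory. The sketch below is an added example, not code from this thread or from the project's extractor.py; the names `safe_extract_tar`, `safe_members`, `UnsafeMemberError` and `build_sample_tar` are hypothetical, and the sample archives are constructed in memory.

```python
import io
import os
import tarfile


class UnsafeMemberError(Exception):
    """An archive member would be written outside the target directory."""


def safe_members(tar, dest):
    """Yield members that are plain files or directories resolving inside dest."""
    root = os.path.realpath(dest)
    for member in tar.getmembers():
        target = os.path.realpath(os.path.join(root, member.name))
        if os.path.commonpath([root, target]) != root:
            raise UnsafeMemberError(f"path escapes target: {member.name!r}")
        if not (member.isfile() or member.isdir()):
            # Links, devices and FIFOs are rejected rather than extracted.
            raise UnsafeMemberError(f"unsupported member type: {member.name!r}")
        yield member


def safe_extract_tar(archive, dest):
    """Validate every member, then extract; archive is a path or file object."""
    kwargs = {"fileobj": archive} if hasattr(archive, "read") else {"name": archive}
    with tarfile.open(mode="r:*", **kwargs) as tar:
        members = list(safe_members(tar, dest))  # nothing is written before this passes
        # Use the stdlib "data" extraction filter too, where this Python has it.
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(path=dest, members=members, **extra)
    return [m.name for m in members]


def build_sample_tar(names):
    """Constructed sample input: an in-memory tar with one small file per name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

Keeping a check like this in one shared extractor function, as suggested in the comments, means callers never touch `tarfile` directly and a later fix applies everywhere.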