django.git/tests/utils_tests/test_archive.py, branch 4.2.29

django.git/tests/utils_tests/test_archive.py, branch 4.2.29 django http://cgit.adnoto.dev/django.git/atom?h=4.2.29 2025-10-01T13:06:00Z [4.2.x] Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal via archive.extract(). 2025-10-01T13:06:00Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-09-16T15:13:36Z urn:sha1:9504bbaa392c9fe37eee9291f5b4c29eb6037619 Thanks stackered for the report. Follow up to 05413afa8c18cdb978fcdf470e09f7a12b234a23. Backport of 924a0c092e65fa2d0953fd1855d2dc8786d94de2 from main. Refs #33476 -- Reformatted code with Black. 2022-02-07T19:37:05Z django-bot ops@djangoproject.com 2022-02-03T19:24:19Z urn:sha1:9c19aff7c7561e3a82978a272ecdaad40dda5c00 Fixed #32821 -- Updated os.scandir() uses to use a context manager. 2021-06-07T04:52:42Z Chris Jerdonek chris.jerdonek@gmail.com 2021-06-06T06:56:34Z urn:sha1:7272e1963ffdf39c1d4fe225d5425a45dd095d11 Skipped test_archive tests when bz2/lzma module is not installed. 2021-02-04T13:08:43Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-02-04T13:08:43Z urn:sha1:ae48601e6d88410626c7d28572f969ab57b33598 Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract(). 2021-02-01T08:07:36Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-01-22T11:23:18Z urn:sha1:05413afa8c18cdb978fcdf470e09f7a12b234a23 Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews. Thanks Wang Baohua for the report. Fixed #30807 -- Fixed TestArchive.test_extract_file_permissions() when umask is 0o000. 2020-06-29T05:51:43Z Ad Timmering 8476375+awtimmering@users.noreply.github.com 2020-06-29T05:51:43Z urn:sha1:ec5aa2161d8015a3fe57dcbbfe14200cd18f0a16 Fixed test that checks permissions on files extracted from archives with no permissions set, to not assume a default umask of 0o002. Test regression in c95d063e776e849cf1a0bf616c654165cb89c706. Refs #30160 -- Simplified and improved tests for django.utils.archive. 2019-07-31T07:46:24Z Nick Pope nick.pope@flightdataservices.com 2019-02-15T23:59:51Z urn:sha1:c95d063e776e849cf1a0bf616c654165cb89c706 The file executable should have 0o775 permission not only u=x. The file no_permissions should have 0o644 u=r. Removed redundant ArchiveTest.test_extract_method() test. 2019-07-30T09:33:53Z Nick Pope nick.pope@flightdataservices.com 2019-02-15T23:34:21Z urn:sha1:421c4cd2eea4cf3ee0236e3dd3fc3567c54a380a The extract() function has the same code as used in the test method for Archive.extract(). Refs #30160 -- Made destination path a required argument of extract(). 2019-07-30T09:27:56Z Nick Pope nick.pope@flightdataservices.com 2019-02-15T23:33:21Z urn:sha1:0509148c2458a990cd0a7fd2d7cfbd45eb43e000 Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage. 2017-01-20T13:01:02Z Tim Graham timograham@gmail.com 2017-01-20T13:01:02Z urn:sha1:4e729feaa647547f25debb1cb63dec989dc41a20 These functions do nothing on Python 3.