[extensions-web] Abort if the zip file does not CRC correctly or is too large

From: Jasper St. Pierre <jstpierre src gnome org>
To: commits-list gnome org
Cc:
Subject: [extensions-web] Abort if the zip file does not CRC correctly or is too large
Date: Wed, 26 Oct 2011 20:07:35 +0000 (UTC)

commit 568b2a2c7e8c8e9ba8259983044df0d8b2089923
Author: Jasper St. Pierre <jstpierre mecheye net>
Date:   Wed Oct 26 13:51:36 2011 -0400

    Abort if the zip file does not CRC correctly or is too large

 sweettooth/extensions/models.py |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)
---
diff --git a/sweettooth/extensions/models.py b/sweettooth/extensions/models.py
index e42e40f..4b2608a 100644
--- a/sweettooth/extensions/models.py
+++ b/sweettooth/extensions/models.py
@@ -148,6 +148,13 @@ def parse_zipfile_metadata(uploaded_file):
     except BadZipfile:
         raise InvalidExtensionData("Invalid zip file")
 
+    if zipfile.testzip() is not None:
+        raise InvalidExtensionData("Invalid zip file")
+
+    total_uncompressed = sum(i.file_size for i in zipfile.infolist())
+    if total_uncompressed > 5*1024**3: # 5 MB
+        raise InvalidExtensionData("Zip file is too large")
+
     try:
         metadata = json.load(zipfile.open('metadata.json', 'r'))
     except KeyError:

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]