3D-printing/Cura
1
0
Fork 0
mirror of https://github.com/Ultimaker/Cura.git synced 2025-08-06 05:23:58 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Merge branch 'WH_unzip_backups_security' of github.com:Ultimaker/Cura

Browse source
This commit is contained in:
Jaime van Kessel 2020-01-31 16:32:53 +01:00
commit 5e70d2c122
No known key found for this signature in database
GPG key ID: 3710727397403C91
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
cura/Backups/Backup.py
View file

@ -145,6 +145,14 @@ class Backup:
# \return Whether we had success or not.
@staticmethod
def _extractArchive(archive: "ZipFile", target_path: str) -> bool:
# Implement security recommendations: Sanity check on zip files will make it harder to spoof.
from cura.CuraApplication import CuraApplication
config_filename = CuraApplication.getInstance().getApplicationName() + ".cfg" # Should be there if valid.
if config_filename not in [file.filename for file in archive.filelist]:
Logger.logException("e", "Unable to extract the backup due to corruption of compressed file(s).")
return False
Logger.log("d", "Removing current data in location: %s", target_path)
Resources.factoryReset()
Logger.log("d", "Extracting backup to location: %s", target_path)