import zipfile from pathlib import Path def safe_extractall(zf: zipfile.ZipFile, dest: Path) -> None: dest_resolved = Path(dest).resolve() for member in zf.namelist(): if member.startswith(("/", "\\")): raise ValueError("Unsafe absolute zip member path: %r" % (member,)) parts = Path(member).parts if ".." in parts: raise ValueError( "Unsafe parent-traversal zip member path: %r" % (member,) ) target = (dest_resolved / member).resolve() if target != dest_resolved and dest_resolved not in target.parents: raise ValueError("Zip member escapes destination: %r" % (member,)) zf.extractall(dest_resolved)