80
submitted 1 month ago* (last edited 1 month ago) by myxi@toast.ooo to c/programming@programming.dev

I like trying out new things quite frequently and often times these tools are packed in an archive file. But I'm in constant fear whenever I am to unpack those archives because sometimes there are hundreds of files and the person who packed them wouldn't even do the bare minimum of nesting them inside a directory.

Dolphin (file explorer) had a useful thing where it would detect whether the contents are already nested and if they are not only then it would nest them inside a directory. I tried searching for something similar for the CLI but couldn't find anything so here it is. Another benefit is that it supports .zip, .tar.xz, .tar.gz simultaneously so I don't need to deal with manpages of unzip, tar thousand times just because I keep forgetting how to use them. Now it's just vert x file.zip.

I can add support for a few more formats but I don't feel the need at least for now (PRs welcome).

you are viewing a single comment's thread
view the rest of the comments
[-] kevincox@lemmy.ml 11 points 1 month ago* (last edited 1 month ago)

Warning

Never extract archives from untrusted sources without prior inspection. It is possible that files are created outside of path, e.g. members that have absolute filenames starting with "/" or filenames with two dots "..".

https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall

I would be careful if using this as a general purpose tool.

A better alternative would likely be to use the regular command-line tools which have been hardened to this type of thing (and are likely much faster) and then just inspect the result. Always create a wrapper directory, then if the result is only one directory inside of that move it out, otherwise just keep the wrapper. I would recommend that the other updates their tool to do this rather than the current approach.

[-] myxi@toast.ooo 8 points 1 month ago* (last edited 1 month ago)

UPDATE: Implemented VERT_USE_EXTERNAL_TOOLS environment variable. See #Configuration.

I had passed the filter parameter as "data", which should help prevent most issues with it but yes I agree that it would've been better to use external tools to do the heavy-lifting. I avoided them to make the program cross-platform and easier to setup (you currently can just run a simple pip command to install it). I may introduce them as optional backends later with a warning on the default ones but for now I'm postponing it.

this post was submitted on 01 Dec 2024
80 points (94.4% liked)

Programming

17775 readers
316 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 2 years ago
MODERATORS