Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TarFile.extract raises DeprecationWarning since Python 3.12 #6657

Open
danielhollas opened this issue Dec 9, 2024 · 0 comments
Open

TarFile.extract raises DeprecationWarning since Python 3.12 #6657

danielhollas opened this issue Dec 9, 2024 · 0 comments
Labels
good first issue Issues that should be relatively easy to fix also for beginning contributors help wanted priority/important topic/archive type/enhancement

Comments

@danielhollas
Copy link
Collaborator

Issue

Calls to stdlib tar.TarFile.extract (or tar.TarFile.extractall) started raising the following DeprecationWarning since Python 3.12

/opt/hostedtoolcache/Python/3.12.7/x64/lib/python3.12/site-packages/aiida/storage/sqlite_zip/migrations/legacy_to_main.py:81: DeprecationWarning: Python 3.14 will, by default, filter extracted tar archives and reject files or modify their metadata. Use the filter argument to control this behavior.

In general, extracting untrusted tarfiles is an unsafe operation (since the tarfile can contain relative paths (e.g. ../malicious_file.txt) or absolute paths to known locations. See PEP 706, which added the filter argument to extract methods in Python 3.12. When this argument is omitted a DeprecationWarning is raised.

Solution

Documentation on extraction filters

See this section of the PEP how to deal with this in a backwards compatible manner
https://peps.python.org/pep-0706/#backporting-forward-compatibility

Open questions

Which filter should we use by default? Probably data, which is recommended and will be default since 3.14.

Your environment

  • Python version: >=3.12
@danielhollas danielhollas added type/bug help wanted priority/important type/enhancement topic/archive good first issue Issues that should be relatively easy to fix also for beginning contributors and removed type/bug labels Dec 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Issues that should be relatively easy to fix also for beginning contributors help wanted priority/important topic/archive type/enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@danielhollas