CVE-2007-4559 Patch

changelog.txt

@@ -57,6 +57,7 @@ Removed
  - Removed upper bound of Python 4 on ``python_requires`` (#781).
  - Dropped support for Python 3.6 and Python 3.7 (#715) following the recommended support schedules of `NEP 29 <https://numpy.org/neps/nep-0029-deprecation_policy.html>`__.
  - Dropped dependency on ``deprecation`` package (#687, #718).
+ - Removed unused ``_extract`` utility function to avoid CVE-2007-4559 (#829).
 
 [1.7.0] -- 2021-06-08
 ---------------------

signac/contrib/utility.py

@@ -8,12 +8,8 @@
 import logging
 import os
 import sys
-import tarfile
-import zipfile
 from collections.abc import Mapping
-from contextlib import contextmanager
 from datetime import timedelta
-from tempfile import TemporaryDirectory
 from time import time
 
 from ..common.deprecation import deprecated
@@ -339,39 +335,6 @@ def split_and_print_progress(iterable, num_chunks=10, write=None, desc="Progress
         yield iterable
 
 
-@contextmanager
-def _extract(filename):
-    """Extract zipfile and tarfile.
-
-    Parameters
-    ----------
-    filename : str
-        Name of zipfile/tarfile to extract.
-
-    Yields
-    ------
-    str
-        Path to the extracted directory.
-
-    Raises
-    ------
-    RuntimeError
-        When the provided file is neither a zipfile nor a tarfile.
-
-    """
-    with TemporaryDirectory() as tmpdir:
-        if zipfile.is_zipfile(filename):
-            with zipfile.ZipFile(filename) as file:
-                file.extractall(tmpdir)
-                yield tmpdir
-        elif tarfile.is_tarfile(filename):
-            with tarfile.open(filename) as file:
-                file.extractall(path=tmpdir)
-                yield tmpdir
-        else:
-            raise RuntimeError(f"Unknown file type: '{filename}'.")
-
-
 def _dotted_dict_to_nested_dicts(dotted_dict, delimiter_nested="."):
     """Convert dotted keys in the state point dict to a nested dict.