Skip Navigation
Programming @programming.dev myxi @toast.ooo

I made a little tool to unzip archives in a sane way

github.com GitHub - eeriemyxi/vert: Sane way to extract/view archived contents.

Sane way to extract/view archived contents. Contribute to eeriemyxi/vert development by creating an account on GitHub.

GitHub - eeriemyxi/vert: Sane way to extract/view archived contents.

I like trying out new things quite frequently and often times these tools are packed in an archive file. But I'm in constant fear whenever I am to unpack those archives because sometimes there are hundreds of files and the person who packed them wouldn't even do the bare minimum of nesting them inside a directory.

Dolphin (file explorer) had a useful thing where it would detect whether the contents are already nested and if they are not only then it would nest them inside a directory. I tried searching for something similar for the CLI but couldn't find anything so here it is. Another benefit is that it supports .zip, .tar.xz, .tar.gz simultaneously so I don't need to deal with manpages of unzip, tar thousand times just because I keep forgetting how to use them. Now it's just vert x file.zip.

I can add support for a few more formats but I don't feel the need at least for now (PRs welcome).

12

You're viewing a single thread.

12 comments

  • Warning

    Never extract archives from untrusted sources without prior inspection. It is possible that files are created outside of path, e.g. members that have absolute filenames starting with "/" or filenames with two dots "..".

    https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall

    I would be careful if using this as a general purpose tool.

    A better alternative would likely be to use the regular command-line tools which have been hardened to this type of thing (and are likely much faster) and then just inspect the result. Always create a wrapper directory, then if the result is only one directory inside of that move it out, otherwise just keep the wrapper. I would recommend that the other updates their tool to do this rather than the current approach.

    • UPDATE: Implemented VERT_USE_EXTERNAL_TOOLS environment variable. See #Configuration.

      I had passed the filter parameter as "data", which should help prevent most issues with it but yes I agree that it would've been better to use external tools to do the heavy-lifting. I avoided them to make the program cross-platform and easier to setup (you currently can just run a simple pip command to install it). I may introduce them as optional backends later with a warning on the default ones but for now I'm postponing it.

You've viewed 12 comments.