Sane way to extract/view archived contents.
I like trying out new things quite frequently, and oftentimes these tools are packed in an archive file. But I'm in constant fear whenever I am to unpack those archives because sometimes there are hundreds of files and the person who packed them wouldn't even do the bare minimum of nesting them inside a directory.
Dolphin (file explorer) had a useful thing where it would detect whether the contents are already nested, and only if they are not would it nest them inside a directory. I tried searching for something similar for the CLI but couldn't find anything, so here it is. Another benefit is that it supports .zip, .tar.xz and .tar.gz simultaneously, so I don't need to deal with the manpages of unzip and tar a thousand times just because I keep forgetting how to use them. Now it's just vert x file.zip.
I can add support for a few more formats but I don't feel the need at least for now (PRs welcome).
Never extract archives from untrusted sources without prior inspection. It is possible that files are created outside of path, e.g. members that have absolute filenames starting with "/" or filenames with two dots "..".
I would be careful if using this as a general purpose tool.
A better alternative would likely be to use the regular command-line tools which have been hardened to this type of thing (and are likely much faster) and then just inspect the result. Always create a wrapper directory, then if the result is only one directory inside of that, move it out; otherwise just keep the wrapper. I would recommend that the author updates their tool to do this rather than the current approach.
UPDATE: Implemented VERT_USE_EXTERNAL_TOOLS environment variable. See #Configuration.
I had passed the filter parameter as "data", which should help prevent most issues with it, but yes, I agree that it would've been better to use external tools to do the heavy lifting. I avoided them to make the program cross-platform and easier to set up (you currently can just run a simple pip command to install it). I may introduce them as optional backends later with a warning on the default ones, but for now I'm postponing it.