Python Security

5 Essential Steps to Stop Python Zip Attacks in 2025

Protect your Python applications in 2025. Learn 5 essential, practical steps to prevent Zip Bomb and Path Traversal attacks when handling zip archives.

Marco Diaz

Senior Python Developer and security advocate with over a decade of experience building resilient applications.

September 8, 20257 min read18 views

Handling user-uploaded files is a standard feature in many web applications, and zip archives are a convenient way to manage multiple files at once. But in the world of web security, convenience can often be a backdoor for vulnerabilities. If your Python application accepts .zip files, you might be unknowingly exposed to serious risks like Denial-of-Service (DoS) and arbitrary file writes.

As we head into 2025, these attacks are becoming more sophisticated. Relying on default library behavior is no longer enough. This guide will walk you through five essential, battle-tested steps to secure your Python application against malicious zip archives.

What Exactly Is a Python Zip Attack?

Before we dive into solutions, let's clarify the enemy. Zip-based attacks primarily come in two flavors:

Zip Bombs (Decompression Bombs): This is a classic Denial-of-Service attack. A tiny zip file (a few kilobytes) is crafted to expand into an enormous size (gigabytes or even terabytes) when uncompressed. The most famous example is 42.zip, a 42 KB file that unzips to 4.5 petabytes of data. If your server tries to extract this, it will quickly run out of memory or disk space, crashing your application or the entire server.
Path Traversal (or Directory Traversal): This is a more insidious attack. A malicious archive contains files with deceptive names like ../../../../etc/passwd or ..\..\..\Windows\System32\kernel32.dll. When a vulnerable application extracts this archive, it can traverse up the directory tree and overwrite critical system files, inject a web shell, or steal sensitive data.

Python's standard zipfile library is powerful, but its default extractall() method offers no protection against these attacks. It's up to you, the developer, to implement the necessary safeguards.

Step 1: Assume All Archives Are Hostile (The Zero-Trust Mindset)

The single most important principle in security is to never trust user input. Treat every uploaded zip file as if it were crafted by a determined attacker. This mindset shift is crucial because it forces you to validate everything before performing any dangerous operations like writing to the filesystem.

Don't assume a file is safe just because it passed a virus scan or has a .zip extension. The validation must happen within your application logic, right before extraction.

Step 2: Inspect Before You Extract

The zipfile library allows you to read an archive's metadata without actually extracting its contents. This is your first line of defense. Before you even think about calling extract(), you should open the zip file and loop through its contents to gather intelligence.

You can get a list of all members in the archive using the infolist() method. Each item in this list is a ZipInfo object, which contains valuable metadata:

filename: The name and path of the file inside the archive.
file_size: The final, uncompressed size of the file.
compress_size: The compressed size of the file.

Here’s how you can peek inside an archive:

import zipfile

def inspect_zip(zip_path):
    try:
        with zipfile.ZipFile(zip_path, 'r') as zf:
            for member in zf.infolist():
                print(f"Filename: {member.filename}")
                print(f"  Uncompressed Size: {member.file_size} bytes")
                print(f"  Compressed Size: {member.compress_size} bytes")
    except zipfile.BadZipFile:
        print("Error: Not a valid zip file.")

This simple inspection forms the basis for the next, more active steps.

Step 3: Enforce Strict Resource Limits to Defuse Zip Bombs

Now that you can inspect the archive, you can defend against Zip Bombs. The strategy is to calculate the potential damage before it happens and abort if it exceeds your predefined safety limits.

You should enforce limits on:

Total Uncompressed Size: Sum the file_size of all members. If the total exceeds a reasonable limit (e.g., 100 MB), reject the archive.
Total Number of Files: An archive with millions of tiny files can still cause issues (inode exhaustion). Limit the number of members (e.g., to 1,000).
Individual File Size: Prevent a single massive file from being extracted.
Compression Ratio: A ridiculously high ratio (e.g., file_size / compress_size > 1000) is a huge red flag for a decompression bomb.

Naive vs. Secure Extraction

The difference in approach is stark. Here's a quick comparison:

Feature / Check	Naive `zipfile.extractall()`	Secure Extraction Method	Why It Matters
Resource Limits	None. Extracts everything blindly.	Checks total size & file count before extraction.	Prevents Zip Bomb DoS attacks.
Path Traversal	Vulnerable. Can overwrite files outside the target directory.	Sanitizes each member's path.	Prevents system file compromise.
Symlinks	Extracts them by default, which can point to sensitive files.	Explicitly disallows or ignores symlinks.	Prevents another vector for arbitrary file access.

Step 4: Neutralize Path Traversal Vulnerabilities

This is arguably the most critical step, as a successful path traversal attack can lead to a full system compromise. The goal is to ensure that every single file extracted from the archive lands inside your intended destination directory and nowhere else.

Never trust the filename attribute from the ZipInfo object. You must validate it.

Here's how to do it correctly:

Define a safe, absolute path for your destination directory.
For each member in the archive, create the full, intended destination path.
Resolve the real, absolute path of this intended destination.
Check if this resolved path shares a common prefix with your safe destination directory.

In Python, this is easier than it sounds using the os.path module:

import os

def is_path_safe(destination_dir, member_path):
    # Normalize and create absolute paths
    dest_dir_abs = os.path.abspath(destination_dir)
    member_path_abs = os.path.abspath(os.path.join(dest_dir_abs, member_path))

    # Check if the resolved path is still inside the destination directory
    # os.path.commonpath is perfect for this!
    return os.path.commonpath([member_path_abs, dest_dir_abs]) == dest_dir_abs

# --- Example Usage ---
# This is safe
is_path_safe('/tmp/safe_zone', 'images/pic1.jpg') # Returns True

# This is a path traversal attack!
is_path_safe('/tmp/safe_zone', '../../etc/hosts') # Returns False

You must perform this check for every single file before extracting it. If any file fails the check, abort the entire operation and delete the uploaded archive.

Step 5: Isolate the Extraction Process

Defense-in-depth is a core security concept. Even with the checks above, it's wise to add another layer of protection by isolating the environment where the extraction occurs.

Use Temporary Directories: Always extract files to a temporary, non-public directory created with the tempfile module. This directory should have restrictive permissions. After you've processed the files (e.g., moved validated images to a public media folder), delete the temporary directory completely.
Run with Low Privileges: If possible, the Python process handling file uploads and extractions should run as a low-privileged user. This way, even if a vulnerability is exploited, the attacker's capabilities are severely limited. They won't be able to overwrite system files if the user doesn't have permission to do so.
Consider Sandboxing: For high-security applications, you might run the entire extraction logic in a container (like Docker) or a sandbox, completely isolating it from the host system's filesystem.

Putting It All Together: A Secure Extraction Function

Let's combine these steps into a single, robust function you can use in your projects. This function will perform all the necessary checks before safely extracting an archive.

import os
import zipfile
import tempfile

# --- Define your safety limits ---
MAX_TOTAL_SIZE = 100 * 1024 * 1024  # 100 MB
MAX_FILE_COUNT = 1000
MAX_COMPRESSION_RATIO = 10

def secure_extract_zip(zip_path, destination_dir):
    """Extracts a zip file securely after performing safety checks."""
    total_size = 0
    file_count = 0

    try:
        with zipfile.ZipFile(zip_path, 'r') as zf:
            # Get absolute path of destination to be safe
            dest_dir_abs = os.path.abspath(destination_dir)

            for member in zf.infolist():
                # --- Path Traversal Check ---
                member_path = member.filename
                # Don't trust the filename, resolve the real path
                final_path = os.path.abspath(os.path.join(dest_dir_abs, member_path))

                if os.path.commonpath([final_path, dest_dir_abs]) != dest_dir_abs:
                    raise ValueError(f"Path Traversal detected for file: {member_path}")

                # Skip directories, we will create them safely
                if member.is_dir():
                    continue

                # --- Resource Limit Checks ---
                file_count += 1
                if file_count > MAX_FILE_COUNT:
                    raise ValueError(f"Exceeded max file count of {MAX_FILE_COUNT}")

                total_size += member.file_size
                if total_size > MAX_TOTAL_SIZE:
                    raise ValueError(f"Exceeded max total size of {MAX_TOTAL_SIZE} bytes")
                
                if member.compress_size > 0:
                    ratio = member.file_size / member.compress_size
                    if ratio > MAX_COMPRESSION_RATIO:
                        raise ValueError(f"File {member_path} has suspicious compression ratio.")

            # If all checks pass, proceed with extraction one by one
            for member in zf.infolist():
                if member.is_dir():
                    continue # We create dirs as needed, not from archive info
                
                # Get the safe path again
                target_path = os.path.join(dest_dir_abs, member.filename)
                
                # Create parent directories if they don't exist
                os.makedirs(os.path.dirname(target_path), exist_ok=True)
                
                # Extract the file
                with zf.open(member, 'r') as source, open(target_path, 'wb') as target:
                    target.write(source.read())

        print("Archive extracted successfully and safely.")
        return True

    except zipfile.BadZipFile:
        print("Error: Invalid ZIP file.")
        return False
    except ValueError as e:
        print(f"Security Error: {e}")
        # IMPORTANT: Clean up partially extracted files
        # A better approach is to extract to a temp dir and only move on success
        return False

# --- Example of safe usage ---
# 1. Create a temporary directory for extraction
with tempfile.TemporaryDirectory() as temp_dir:
    is_safe = secure_extract_zip('path/to/user_upload.zip', temp_dir)
    if is_safe:
        # Now you can process the files inside temp_dir
        print(f"Files are safely in {temp_dir}")
    else:
        print("Extraction failed. The temp directory will be auto-deleted.")

Final Thoughts

Handling file uploads doesn't have to be a source of anxiety. By moving away from a default-allow mindset to a proactive, validation-first approach, you can effectively neutralize the threat of zip-based attacks. The five steps—adopting a zero-trust policy, inspecting archives, enforcing resource limits, preventing path traversal, and isolating the process—create a powerful, layered defense for your Python applications.

Remember, the `zipfile` library is a tool, not a security guard. It's our responsibility as developers to wield it safely and build applications that are not just functional, but resilient.