Summary
The Census ZIP downloader in policyengine-us extracts archives without validating member paths.
Severity
Medium
Impact
A crafted archive can perform zip-slip and write files outside the intended extraction directory.
Affected code
policyengine_us/tools/geography/download_50_state_census_block_data.py:121-128
Details
The tool downloads a ZIP and immediately calls extractall(...) on it.
Expected behavior
Archive extraction should validate each member path and reject traversal entries.
Suggested remediation
- Implement a safe extraction helper that rejects absolute paths and '..' traversal components
- Add regression tests with malicious ZIP entries
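The following is an added illustration of both remediation items, not code from policyengine-us: a fail-closed extraction helper that validates every member name before anything is written, plus an in-memory fixture builder that produces the kind of malicious ZIP the regression tests should cover. The function names (is_safe_member, safe_extractall, build_zip, run_regression_checks), the member names in the fixtures and the extraction directory are all assumptions for the example.

```python
"""Fail-closed ZIP extraction and regression fixtures (added example, not project code)."""
from __future__ import annotations

import io
import os
import tempfile
import zipfile
from pathlib import Path


def is_safe_member(dest: Path, name: str) -> bool:
    """Return True only if member `name` would land strictly inside `dest`."""
    # Reject empty names, absolute paths (POSIX or Windows) and drive letters.
    if not name or name.startswith(("/", "\\")) or os.path.splitdrive(name)[0]:
        return False
    # Reject any '..' component regardless of separator style.
    if ".." in Path(name.replace("\\", "/")).parts:
        return False
    # Belt and braces: the resolved target must still be under dest.
    try:
        (dest / name).resolve().relative_to(dest)
    except ValueError:
        return False
    return True


def unsafe_members(zip_bytes: bytes, dest: str = "extract") -> list[str]:
    """List members that would escape `dest`; nothing is written to disk."""
    dest_path = Path(dest).resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if not is_safe_member(dest_path, n)]


def safe_extractall(zip_bytes: bytes, dest: str) -> list[str]:
    """Extract into `dest`, refusing the whole archive if any member is unsafe."""
    dest_path = Path(dest).resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = [n for n in zf.namelist() if not is_safe_member(dest_path, n)]
        if bad:
            # Fail closed: reject before a single file is written.
            raise ValueError(f"refusing to extract unsafe archive members: {bad}")
        zf.extractall(dest_path)
        return zf.namelist()


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Constructed fixture: an in-memory ZIP whose member names are taken verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)  # writestr does not sanitise the name
    return buf.getvalue()


def run_regression_checks() -> dict[str, object]:
    """Constructed fixtures mirroring the regression tests the advisory asks for."""
    benign = build_zip({"blocks/state_01.csv": b"ok"})
    malicious = build_zip({"blocks/good.txt": b"ok", "../escaped.txt": b"bad", "/abs.txt": b"bad"})
    results: dict[str, object] = {}
    with tempfile.TemporaryDirectory() as tmp:
        results["benign_extracted"] = safe_extractall(benign, tmp)
        results["benign_on_disk"] = (Path(tmp) / "blocks" / "state_01.csv").read_text()
        try:
            safe_extractall(malicious, tmp)
            results["malicious_rejected"] = False
        except ValueError:
            results["malicious_rejected"] = True
        # The benign member of the malicious archive must not have been written either.
        results["partial_write"] = (Path(tmp) / "blocks" / "good.txt").exists()
    return results


if __name__ == "__main__":
    print(run_regression_checks())
```

CPython's own ZipFile.extractall silently drops '..' components and leading separators from member names rather than refusing the entry; the helper above instead rejects the archive outright, which is the behaviour the expected-behaviour section calls for and is what makes the regression test observable (a rejected archive is a test failure the downloader can surface, a silently renamed file is not).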