I like trying out new things quite frequently and often times these tools are packed in an archive file. But I’m in constant fear whenever I am to unpack those archives because sometimes there are hundreds of files and the person who packed them wouldn’t even do the bare minimum of nesting them inside a directory.

Dolphin (file explorer) had a useful thing where it would detect whether the contents are already nested and if they are not only then it would nest them inside a directory. I tried searching for something similar for the CLI but couldn’t find anything so here it is. Another benefit is that it supports .zip, .tar.xz, .tar.gz simultaneously so I don’t need to deal with manpages of unzip, tar thousand times just because I keep forgetting how to use them. Now it’s just vert x file.zip.

I can add support for a few more formats but I don’t feel the need at least for now (PRs welcome).

  • kevincox@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    26 days ago

    Warning

    Never extract archives from untrusted sources without prior inspection. It is possible that files are created outside of path, e.g. members that have absolute filenames starting with “/” or filenames with two dots “…”.

    https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall

    I would be careful if using this as a general purpose tool.

    A better alternative would likely be to use the regular command-line tools which have been hardened to this type of thing (and are likely much faster) and then just inspect the result. Always create a wrapper directory, then if the result is only one directory inside of that move it out, otherwise just keep the wrapper. I would recommend that the other updates their tool to do this rather than the current approach.

    • myxi@toast.oooOP
      link
      fedilink
      English
      arrow-up
      0
      ·
      26 days ago

      I had passed the filter parameter as "data", which should help prevent most issues with it but yes I agree that it would’ve been better to use external tools to do the heavy-lifting. I avoided them to make the program cross-platform and easier to setup (you currently can just run a simple pip command to install it). I may introduce them as optional backends later with a warning on the default ones but for now I’m postponing it.