package-analysis

support extracting zip archives

Open maxfisher-g opened this issue 2 years ago • 7 comments

Some packages such as proactive-jupyter-kernel upload their source as a zip file which currently fails as the static analysis archive extraction expects a .tar.gz file.

We should do filetype detection using file (NOT the file extension) so that we can do static analysis on zip archives too.

maxfisher-g, Nov 16 '23 07:11
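The content-based detection requested above, as an added example (not code from package-analysis or from mholt/archiver): the reader is chosen from the archive's leading magic bytes, never from its name. It assumes the signatures are checked directly in Go rather than by calling `file`; `listEntries` and `sampleZip` are hypothetical names, and the sample archive is constructed in memory.

```go
package main

import (
	"archive/tar"
	"archive/zip"
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
)

// listEntries picks the reader from the magic bytes, never from the file name.
func listEntries(data []byte) (kind string, names []string, err error) {
	switch {
	case bytes.HasPrefix(data, []byte("PK\x03\x04")): // zip local file header
		zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
		if err != nil {
			return "zip", nil, err
		}
		for _, f := range zr.File {
			names = append(names, f.Name)
		}
		return "zip", names, nil
	case bytes.HasPrefix(data, []byte{0x1f, 0x8b}): // gzip member header
		gz, err := gzip.NewReader(bytes.NewReader(data))
		if err != nil {
			return "gzip", nil, err
		}
		tr := tar.NewReader(gz)
		for h, err := tr.Next(); err != io.EOF; h, err = tr.Next() {
			if err != nil {
				return "gzip", nil, err
			}
			names = append(names, h.Name)
		}
		return "gzip", names, nil
	}
	return "unknown", nil, fmt.Errorf("unsupported archive type")
}

func sampleZip() []byte { // constructed one-entry zip, built in memory
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	zw.Create("pkg/setup.py")
	zw.Close()
	return buf.Bytes()
}

// Constructed case from the issue: zip bytes behind a .tar.gz-style upload.
func main() { fmt.Println(listEntries(sampleZip())) }
```

An empty zip starts with the end-of-central-directory signature (`PK\x05\x06`) instead of a local file header, so it is reported as unknown here. Entry names are only listed; any extraction step should still reject names that resolve outside the destination directory.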

The code to be updated seems to be at https://github.com/ossf/package-analysis/blob/c473e2d466d9a01425528ffdc2456246feb45c8c/internal/utils/archive_extract.go#L16

Might you be open to introducing something like https://github.com/mholt/archiver?

gliptak, Mar 13 '24 18:03

Hi @gliptak, yes that's a good suggestion! I'd be open to introducing something like that. Please feel free to submit a PR.

maxfisher-g, Mar 19 '24 03:03