2

I am writing a system that accepts zipfiles from end users.

The title says it all - what precautions should I take to ensure my processing server does not get compromised when I need to unzip a completely random set of user files from a zipfile and process them?

The files will be run through some Python and other processes.

Duke Dougal

2 Answers

2

First of all, I would suggest performing some kind of content inspection (e.g. antivirus / malware detection).

Second, I would read the files inside the ZIP file. Since you're using Python, I would suggest having a look at: http://pymotw.com/2/zipfile/

By reading the content of the ZIP file, you could determine if the files are allowed or not (for example: .exe, .php or .asp(x) files).

Third, extract the user content to a folder where scripts like PHP / ASPX cannot be executed, preferably outside the web server's web directory.

Jeroen
1

Depending on the definition of "compromise", you might also want to check for "Zip bomb" attacks:

a zip bomb allows the program to work as intended, but the archive is carefully crafted so that unpacking it (e.g. by a virus scanner in order to scan for viruses) requires inordinate amounts of time, disk space or memory.

lorenzog
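
The checks from the two answers above (file-type filtering and zip-bomb limits) combined into one pass over the archive before anything is written to disk. This is an added example, not code from either answer; the limits, the blocked-extension set and the function names are assumptions chosen for illustration.

```python
import io
import os
import zipfile

# Assumed policy values for this example; tune them to your workload.
BLOCKED_EXT = {".exe", ".php", ".asp", ".aspx"}
MAX_FILES = 100
MAX_TOTAL_BYTES = 50 * 1024 * 1024
MAX_RATIO = 100  # uncompressed / compressed size per entry

def check_archive(data):
    """Inspect ZIP metadata only (nothing is decompressed); return violations."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_FILES:
            problems.append("too many entries")
        for info in infos:
            if os.path.splitext(info.filename)[1].lower() in BLOCKED_EXT:
                problems.append(f"blocked type: {info.filename}")
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                problems.append(f"suspicious ratio: {info.filename}")
        if sum(i.file_size for i in infos) > MAX_TOTAL_BYTES:
            problems.append("declared size over limit")
    return problems

def read_member(zf, info, limit=MAX_TOTAL_BYTES):
    """Decompress one entry in chunks, capping the bytes actually produced."""
    out = bytearray()
    with zf.open(info) as fh:
        while chunk := fh.read(64 * 1024):
            out += chunk
            if len(out) > limit:
                raise ValueError(f"{info.filename} exceeds {limit} bytes")
    return bytes(out)

def build_sample(files):
    """Build a constructed test archive in memory from {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample({"notes.txt": "hello", "shell.php": "<?php ?>"})
    print(check_archive(sample))
```

Reject the upload if `check_archive` returns anything, and use `read_member` rather than `extractall` so the size cap applies to the data that is actually decompressed, not only to the sizes the archive declares.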