Add --password flag (repeatable) to try passwords on encrypted zip members. Enable AES encryption support in the zip crate. Track the successful password in CandidateSource and emit it in GEX Python output.
Pull request overview
This PR adds support for password-protected ZIP inputs by introducing a repeatable --password CLI flag, enabling AES support in the Rust zip crate, and propagating the successfully used password through CandidateSource so it can be emitted in generated GEX Python tasks.
Changes:
- Add --password (repeatable) and thread provided passwords into candidate loading.
- Attempt decryption of encrypted ZIP members using supplied passwords and record the successful password in CandidateSource::Zip.
- Update GEX task generation to pass pwd=... when opening ZIP members; enable zip crate AES feature and update dependency versions.
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/utils.rs | Adds password-aware ZIP member extraction and updates candidate loading API. |
| src/types.rs | Extends CandidateSource::Zip to optionally store the password used. |
| src/main.rs | Adds --password flag and passes passwords into candidate loading. |
| src/gex.rs | Emits ZIP open calls with pwd= when a password is known. |
| src/pipeline.rs | Suppresses clippy warning for run_pipeline argument count. |
| Cargo.toml | Enables AES feature in zip crate and bumps clap minor version. |
| Cargo.lock | Locks updated dependency graph for AES/zip/clap changes. |
Use deflate-flate2 instead of deflate for the zip crate to avoid pulling in zopfli (compression) when we only need decompression. Replace sha1_smol with sha1, which is already a transitive dependency.
Propagate errors from by_index_raw instead of silently swallowing them. Distinguish wrong-password errors from real I/O failures when decrypting zip members, accounting for AES HMAC validation at end-of-stream. Update doc comment and note Python zipfile AES limitation in GEX output.
Pull request overview
Copilot reviewed 8 out of 9 changed files in this pull request and generated 4 comments.
Add --password-file option to avoid exposing passwords in ps output and shell history. Emit AES limitation note into generated Python output instead of only as a Rust source comment. Deduplicate candidate construction between encrypted and unencrypted zip branches. Add tests for plain zip extraction, correct/wrong/missing password handling.
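The Python-side behaviour these commits refer to (opening a member with pwd=, telling a wrong password apart from other failures, and the standard-library zipfile module's lack of AES support), as an added example that is not code from this pull request. The function names, status strings, sample archive and sample password are constructed for illustration and are assumptions, not the project's own.

```python
import io, struct, zipfile, zlib
M = 0xFFFFFFFF

def zipcrypto_encrypt(pwd, data):
    """Legacy PKZIP cipher; used here only to build the constructed sample."""
    k = [0x12345678, 0x23456789, 0x34567890]
    step = lambda c, b: zlib.crc32(bytes([b]), c ^ M) ^ M  # raw CRC-32 byte step
    def update(b):
        k[0] = step(k[0], b)
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & M
        k[2] = step(k[2], k[1] >> 24)
    for b in pwd:
        update(b)
    out = bytearray()
    for b in data:
        t = k[2] | 2
        out.append(b ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        update(b)
    return bytes(out)

def build_sample(name, plain, pwd, method=0):
    """Constructed one-member archive with the 'encrypted' flag (bit 0) set."""
    crc = zlib.crc32(plain)
    # 12-byte encryption header: 11 filler bytes, then the CRC-based check byte.
    body = zipcrypto_encrypt(pwd, bytes(11) + bytes([crc >> 24]) + plain)
    common = struct.pack("<HHHHHIIIHH", 20, 1, method, 0, 0x21, crc,
                         len(body), len(plain), len(name), 0)
    local = struct.pack("<I", 0x04034B50) + common + name
    central = (struct.pack("<IH", 0x02014B50, 20) + common
               + struct.pack("<HHHII", 0, 0, 0, 0, 0) + name)
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1,
                       len(central), len(local) + len(body), 0)
    return local + body + central + eocd

def open_member(archive, member, passwords):
    """Return (status, data, password_used) for one member."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        info = zf.getinfo(member)
        if info.compress_type == 99:   # WinZip AES; stdlib zipfile cannot decrypt
            return ("aes-unsupported", None, None)
        if not info.flag_bits & 0x1:   # member is not encrypted
            return ("ok", zf.read(info), None)
        for pwd in passwords:
            try:
                return ("ok", zf.read(info, pwd=pwd), pwd)
            except (RuntimeError, zipfile.BadZipFile) as e:
                # Wrong password: check-byte mismatch, or CRC failure at end of stream.
                if "password" not in str(e) and "CRC" not in str(e):
                    raise              # anything else is a real failure
        return ("wrong-password" if passwords else "need-password", None, None)
```

The legacy cipher's one-byte check lets roughly 1 in 256 wrong passwords through the header test, which is why a CRC failure at end of stream is also counted as a wrong password here.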