@@ -128,6 +128,24 @@ async def extract_file_zst(self, filename: str, extraction_path: str) -> int:
128
128
async def extract_file_pkg (self , filename : str , extraction_path : str ) -> int :
129
129
"""Extract pkg files"""
130
130
131
+ async def _extract_through_7z () -> int :
132
+ """Extract file using `7z`"""
133
+
134
+ temp = os .path .join (self .tempdir , f"{ os .path .basename (filename )} " )
135
+ stdout , stderr , _ = await aio_run_command (
136
+ ["7z" , "x" , filename , f"-o{ self .tempdir } " ]
137
+ )
138
+ stdout , stderr , _ = await aio_run_command (
139
+ ["7z" , "x" , temp [:- 4 ], f"-o{ extraction_path } " ]
140
+ )
141
+ if not stdout :
142
+ return 1
143
+ return 0
144
+
145
+ if sys .platform .startswith ("win" ):
146
+ if await aio_inpath ("7z" ):
147
+ return await _extract_through_7z ()
148
+
131
149
# Tarfile wasn't used here because it can't open [.pkg] files directy
132
150
# and failed to manage distinct compression types in differnet versions of FreeBSD packages.
133
151
# Reference: https://github.com/intel/cve-bin-tool/pull/1580#discussion_r829346602
@@ -139,12 +157,7 @@ async def extract_file_pkg(self, filename: str, extraction_path: str) -> int:
139
157
return 1
140
158
return 0
141
159
if await aio_inpath ("7z" ):
142
- stdout , stderr , _ = await aio_run_command (
143
- ["7z" , "x" , filename , "-o" , extraction_path ]
144
- )
145
- if stderr or not stdout :
146
- return 1
147
- return 0
160
+ return await _extract_through_7z ()
148
161
return 1
149
162
150
163
async def extract_file_deb (self , filename , extraction_path ):
0 commit comments