{"name": "GeoGenie", "package_name": "geogenie", "version": "1.0.1", "experimental": false, "qgis_min": "3.28.0", "qgis_max": "4.99.0", "downloads": 209, "uploaded_by": "kodeezabdullah", "upload_datetime": "2026-06-11T12:15:14.471766", "changelog": "Replaced every extractall() call \u2014 in the plugin (analyzer.py, sar_flood.py) and in the generated pipeline scripts (pipeline_manager.py) \u2014 with safe member-by-member extraction that:\r\n\r\nComputes where each member would be written and checks (via os.path.realpath + os.path.commonpath) that it stays inside the target directory.\r\nRaises ValueError on any member that would escape \u2014 before writing anything.\r\nExtracts members individually with .extract() instead of .extractall(), so the syntactic Bandit rule has nothing to flag.\r\nFor tar on Python 3.12+, also applies the stdlib filter=\"data\" as defense-in-depth.", "external_deps": null, "download_url": "https://plugins.qgis.org/plugins/geogenie/version/1.0.1/download/"}