Add warning to ZipFile.ExtractToDirectory and ExtractToDirectoryAsync docs #12355

Open
Copilot wants to merge 2 commits into main from copilot/add-security-warning-zipfile-extract
Contributor

Copilot AI commented Feb 27, 2026

ZipFile.ExtractToDirectory and its async variants are convenience APIs that don't enforce any limits on total uncompressed size or entry count, making them unsafe for use with untrusted archives.

Changes

  • Added a [!WARNING] callout to the <remarks> of all 16 overloads across ExtractToDirectory and ExtractToDirectoryAsync in xml/System.IO.Compression/ZipFile.xml
  • Warning directs callers to use ZipArchive for manual entry iteration and validate uncompressed size and entry count before extraction

The warning reads:

Warning: This method doesn't limit the total uncompressed size or the number of entries extracted from the archive. When processing archives from untrusted sources, iterate over the entries manually using ZipArchive, and validate that the total uncompressed size and the number of entries are within acceptable limits for your scenario.

The three pre-existing remark formats across the overloads are all handled:

  • Markdown (<format type="text/markdown"><![CDATA[...]]>) — warning inserted inline
  • Para (<para>...</para>) — <format type="text/markdown"> wrapper appended before </remarks>
  • Plain text — same <format type="text/markdown"> wrapper appended before </remarks>
Original prompt

Add a security warning to the documentation for System.IO.Compression.ZipFile.ExtractToDirectory and its async variants.

Repository: dotnet/dotnet-api-docs
File to update:

  • xml/System.IO.Compression/ZipFile.xml

Context:
The ZipFile.ExtractToDirectory methods and their async variants are convenience APIs that can be unsafe when used with untrusted ZIP archives because they can be used for zip-bomb-style attacks (for example, an archive that expands to a very large size or contains an excessive number of entries).

Requirements:

  1. In the XML documentation for the ZipFile.ExtractToDirectory methods and the async variants, add a Warning section in the <remarks>.
  2. The warning must state that when processing zip archives from untrusted sources, code should:
    • Iterate over entries manually.
    • Validate that the total uncompressed size and the number of files are permissible for the scenario.
  3. Follow style constraints:
    • Use present tense.
    • Don’t use the word "may". Use "might" for possibility or "can" for permission.
    • Use a comma before clauses beginning with "which".
    • Keep a conversational tone with contractions.
    • Be concise and break up long sentences.
    • Ensure any code comments end with a period.
  4. Don’t add inline markdown code blocks inside XML remarks. If a code snippet is needed, add it as a separate .cs file under the appropriate snippets folder, and add a .csproj if one doesn’t already exist.

No new code snippets are required unless you think it materially improves the warning.

Target branch: main

This pull request was created from Copilot chat.
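
The manual iteration the warning recommends, as an added example that is not part of this pull request or of the .NET documentation. The class name `SafeZip` and the default limits are assumptions chosen for illustration.

```csharp
using System;
using System.IO;
using System.IO.Compression;

public static class SafeZip // Hypothetical helper, not a .NET type.
{
    // Default limits are assumptions; pick values that fit your scenario.
    public static void Extract(string zipPath, string destDir,
        int maxEntries = 1_000, long maxTotalBytes = 512L * 1024 * 1024)
    {
        string root = Path.GetFullPath(destDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar))
            root += Path.DirectorySeparatorChar;

        using ZipArchive archive = ZipFile.OpenRead(zipPath);
        if (archive.Entries.Count > maxEntries)
            throw new InvalidDataException("Archive has too many entries.");

        // Declared sizes come from the archive's own headers: an early reject only.
        long declared = 0;
        foreach (ZipArchiveEntry e in archive.Entries)
            if (e.Length < 0 || (declared += e.Length) > maxTotalBytes)
                throw new InvalidDataException("Declared uncompressed size exceeds the limit.");

        long written = 0;
        byte[] buffer = new byte[81920];
        foreach (ZipArchiveEntry entry in archive.Entries)
        {
            // Manual iteration also means checking the destination path yourself.
            string target = Path.GetFullPath(Path.Combine(root, entry.FullName));
            if (!target.StartsWith(root, StringComparison.Ordinal))
                throw new InvalidDataException("Entry path escapes the destination directory.");
            if (entry.FullName.EndsWith('/') || entry.FullName.EndsWith('\\'))
            { Directory.CreateDirectory(target); continue; }

            Directory.CreateDirectory(Path.GetDirectoryName(target)!);
            using Stream source = entry.Open();
            using FileStream output = new FileStream(target, FileMode.CreateNew, FileAccess.Write);
            int read;
            while ((read = source.Read(buffer, 0, buffer.Length)) > 0)
            {
                // Enforce the limit on bytes actually decompressed, not only on header values.
                if ((written += read) > maxTotalBytes)
                    throw new InvalidDataException("Extracted data exceeds the limit.");
                output.Write(buffer, 0, read);
            }
        }
    }
}
```

When a limit is exceeded, files written before the exception remain on disk, so extract into a fresh directory that can be deleted on failure.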


💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@github-actions github-actions bot added the needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners label Feb 27, 2026
…toryAsync remarks

Co-authored-by: rzikm <32671551+rzikm@users.noreply.github.com>
Copilot AI changed the title [WIP] Add security warning for ZipFile.ExtractToDirectory methods Add zip-bomb security warning to ZipFile.ExtractToDirectory and ExtractToDirectoryAsync docs Feb 27, 2026
@rzikm rzikm added area-System.IO.Compression and removed needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners labels Feb 27, 2026
@dotnet-policy-service
Contributor

Tagging subscribers to this area: @dotnet/area-system-io-compression

@rzikm
Member

rzikm commented Feb 27, 2026

cc @GrabYourPitchforks, @blowdart for wording

@rzikm rzikm requested a review from gewarren February 27, 2026 14:04
@rzikm rzikm marked this pull request as ready for review February 27, 2026 14:04
@rzikm rzikm requested a review from a team as a code owner February 27, 2026 14:04
Copilot AI review requested due to automatic review settings February 27, 2026 14:04
@rzikm rzikm changed the title Add zip-bomb security warning to ZipFile.ExtractToDirectory and ExtractToDirectoryAsync docs Add warning to ZipFile.ExtractToDirectory and ExtractToDirectoryAsync docs Feb 27, 2026
Contributor

Copilot AI left a comment

Pull request overview

This PR adds security warnings to all ZipFile.ExtractToDirectory and ExtractToDirectoryAsync methods, alerting developers that these convenience APIs don't enforce limits on uncompressed size or entry count, making them vulnerable to zip-bomb attacks when used with untrusted archives.

Changes:

  • Added security warnings to 16 method overloads in ZipFile.xml
  • Warning directs users to manually iterate entries using ZipArchive and validate limits before extraction
  • Applied consistent warning text across three different XML documentation formats (markdown, para, plain text)

If <paramref name="destinationDirectoryName" /> or any of its parent directories is a pre-existing junction or symbolic link, the link is followed and the extraction writes to the final target folder.
If a file to be archived has an invalid last modified time, the first date and time representable in the zip timestamp format (midnight on January 1, 1980) will be used.</remarks>
If a file to be archived has an invalid last modified time, the first date and time representable in the zip timestamp format (midnight on January 1, 1980) will be used.
<format type="text/markdown"><![CDATA[> [!WARNING]
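
Review bot: The added `<format type="text/markdown"><![CDATA[> [!WARNING]` line is appended after two plain-text sentences in the same `<remarks>`, so this overload's remarks end up mixing plain text with a Markdown block. Consider moving the existing sentences into the same CDATA block so the whole remarks is Markdown, and check that the `<paramref name="destinationDirectoryName" />` reference still renders as intended once it sits inside Markdown.
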
Contributor

Looks like we'll need to convert the entire remarks to Markdown:
