cve.py
67 lines
| 2.0 KiB
| text/x-python
|
PythonLexer
Matthias Bussonnier
|
r27465 | """ | ||
Test that CVEs stay fixed. | ||||
""" | ||||
from IPython.utils.tempdir import TemporaryDirectory, TemporaryWorkingDirectory | ||||
from pathlib import Path | ||||
import random | ||||
import sys | ||||
import os | ||||
import string | ||||
import subprocess | ||||
import time | ||||
martinRenou
|
r27480 | |||
Matthias Bussonnier
|
r27465 | def test_cve_2022_21699(): | ||
""" | ||||
Here we test CVE-2022-21699. | ||||
martinRenou
|
r27480 | We create a temporary directory, cd into it. | ||
Make a profile file that should not be executed and start IPython in a subprocess, | ||||
Matthias Bussonnier
|
r27465 | checking for the value. | ||
""" | ||||
martinRenou
|
r27480 | dangerous_profile_dir = Path("profile_default") | ||
Matthias Bussonnier
|
r27465 | |||
martinRenou
|
r27480 | dangerous_startup_dir = dangerous_profile_dir / "startup" | ||
dangerous_expected = "CVE-2022-21699-" + "".join( | ||||
[random.choice(string.ascii_letters) for i in range(10)] | ||||
) | ||||
Matthias Bussonnier
|
r27465 | |||
with TemporaryWorkingDirectory() as t: | ||||
dangerous_startup_dir.mkdir(parents=True) | ||||
gousaiyang
|
r27495 | (dangerous_startup_dir / "foo.py").write_text( | ||
f'print("{dangerous_expected}")', encoding="utf-8" | ||||
) | ||||
Matthias Bussonnier
|
r27465 | # 1 sec to make sure FS is flushed. | ||
martinRenou
|
r27480 | # time.sleep(1) | ||
cmd = [sys.executable, "-m", "IPython"] | ||||
Matthias Bussonnier
|
r27465 | env = os.environ.copy() | ||
martinRenou
|
r27480 | env["IPY_TEST_SIMPLE_PROMPT"] = "1" | ||
Matthias Bussonnier
|
r27465 | |||
# First we fake old behavior, making sure the profile is/was actually dangerous | ||||
martinRenou
|
r27480 | p_dangerous = subprocess.Popen( | ||
cmd + [f"--profile-dir={dangerous_profile_dir}"], | ||||
env=env, | ||||
stdin=subprocess.PIPE, | ||||
stdout=subprocess.PIPE, | ||||
stderr=subprocess.PIPE, | ||||
) | ||||
Matthias Bussonnier
|
r27465 | out_dangerous, err_dangerouns = p_dangerous.communicate(b"exit\r") | ||
assert dangerous_expected in out_dangerous.decode() | ||||
# Now that we know it _would_ have been dangerous, we test it's not loaded | ||||
martinRenou
|
r27480 | p = subprocess.Popen( | ||
cmd, | ||||
env=env, | ||||
stdin=subprocess.PIPE, | ||||
stdout=subprocess.PIPE, | ||||
stderr=subprocess.PIPE, | ||||
) | ||||
Matthias Bussonnier
|
r27465 | out, err = p.communicate(b"exit\r") | ||
martinRenou
|
r27480 | assert b"IPython" in out | ||
Matthias Bussonnier
|
r27465 | assert dangerous_expected not in out.decode() | ||
martinRenou
|
r27480 | assert err == b"" | ||