Fix CVE-2023-24816 by removing legacy code.

Remove legacy code that might trigger a CVE.

Currently set_term_title is only called with (semi-)trusted input that contains the current working directory of the current IPython session.

If an attacker can control directory names, and manages to get a user to cd into this directory, the attacker can execute arbitrary commands contained in the folder names.

Example:

- On a Windows machine where Python is built without _ctypes, create a folder called && echo "pwn" > pwn.txt. This can be done, for example, by cloning a git repository.
- Call toggled_set_term_title(True) (or have the preference set to true).
- Open IPython and cd into this directory.
- The folder now contains a pwn.txt, with pwn as content, despite the user not asking for any code execution.

Workaround:

Set the configuration option c.TerminalInteractiveShell.term_title_format='IPython' (or to any other fixed, safe string).
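An audit a defender could run over a freshly cloned checkout before working in it, added here as an example and not part of the commit or of IPython: it lists directory names containing cmd.exe metacharacters and reports them only when the title format interpolates the working directory. The metacharacter set, the function names and the `IPython: {cwd}` default format are assumptions of this example.

```python
import os
import re
import sys
from string import Formatter

# Heuristic (assumption of this example): characters cmd.exe treats as
# command separators, redirection, escaping, quoting or variable expansion.
CMD_META = re.compile(r'[&|<>^%"\r\n]')

# Assumed default title format; the workaround on this page replaces it
# with a fixed string such as 'IPython'.
DEFAULT_FORMAT = "IPython: {cwd}"


def format_exposes_cwd(fmt):
    """True if the title format interpolates the working directory."""
    for _, field, _, _ in Formatter().parse(fmt):
        # field is None for literal text; strip attribute/index access.
        if field is not None and re.split(r"[.\[]", field)[0] == "cwd":
            return True
    return False


def unsafe_dir_names(root):
    """Relative paths of directories under root whose own name contains
    a shell metacharacter, sorted for stable output."""
    hits = []
    for parent, dirnames, _ in os.walk(root):
        for name in dirnames:
            if CMD_META.search(name):
                hits.append(os.path.relpath(os.path.join(parent, name), root))
    return sorted(hits)


def exposed(root, fmt=DEFAULT_FORMAT):
    """Directories that could reach the terminal title under this format."""
    return unsafe_dir_names(root) if format_exposes_cwd(fmt) else []


if __name__ == "__main__":
    # Usage: python audit_titles.py <checkout> [term_title_format]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    fmt = sys.argv[2] if len(sys.argv) > 2 else DEFAULT_FORMAT
    for path in exposed(root, fmt):
        print("review before cd:", path)
```

With the fixed format from the workaround, `exposed()` returns an empty list because no directory name can reach the title.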

File last commit:

r27747:f5d4e0ac
r28089:991849c2
tempdir.py
59 lines | 1.8 KiB | text/x-python | PythonLexer
```python
""" This module contains classes - NamedFileInTemporaryDirectory, TemporaryWorkingDirectory.

These classes add extra features such as creating a named file in temporary directory and
creating a context manager for the working directory which is also temporary.
"""

import os as _os
from pathlib import Path
from tempfile import TemporaryDirectory


class NamedFileInTemporaryDirectory(object):
    def __init__(self, filename, mode="w+b", bufsize=-1, add_to_syspath=False, **kwds):
        """
        Open a file named `filename` in a temporary directory.

        This context manager is preferred over `NamedTemporaryFile` in
        stdlib `tempfile` when one needs to reopen the file.

        Arguments `mode` and `bufsize` are passed to `open`.
        Rest of the arguments are passed to `TemporaryDirectory`.

        """
        self._tmpdir = TemporaryDirectory(**kwds)
        path = Path(self._tmpdir.name) / filename
        encoding = None if "b" in mode else "utf-8"
        self.file = open(path, mode, bufsize, encoding=encoding)

    def cleanup(self):
        self.file.close()
        self._tmpdir.cleanup()

    __del__ = cleanup

    def __enter__(self):
        return self.file

    def __exit__(self, type, value, traceback):
        self.cleanup()


class TemporaryWorkingDirectory(TemporaryDirectory):
    """
    Creates a temporary directory and sets the cwd to that directory.
    Automatically reverts to previous cwd upon cleanup.
    Usage example:

        with TemporaryWorkingDirectory() as tmpdir:
            ...
    """

    def __enter__(self):
        self.old_wd = Path.cwd()
        _os.chdir(self.name)
        return super(TemporaryWorkingDirectory, self).__enter__()

    def __exit__(self, exc, value, tb):
        _os.chdir(self.old_wd)
        return super(TemporaryWorkingDirectory, self).__exit__(exc, value, tb)
```