##// END OF EJS Templates
upstream » ipython
RSS

Clone from https://github.com/ipython/ipython.git

Test of simpler way to define ast macros. (#14100)...
Test of simpler way to define ast macros. (#14100) Provide and easier way to generate magics and pre-post hooks This introduce a code base way of modifying the ast. This allow to use Template strings with the two special variable names names `__code__` and `__ret__` allowing to quickly write a magic, or hooks that modify the ast. This also introduce a `%code_wrap` cell magic to on the fly wrap code. It is this easy to for example modify IPython to say time each block of code, or retry them, or wrap them in try/except and analyse the error message, profile... Note that this is not new, but simply convenience function and utilities, especially around hygiene.
Matthias Bussonnier - - Load All Authors

File last commit:

r27764:aefe51c6
r28324:c3d7f161 merge
Show More
cve.py
66 lines | 2.0 KiB | text/x-python | PythonLexer
/ IPython / tests / cve.py
History | Source | Raw |Copy content |Copy permalink
Matthias Bussonnier
Add test for CVE-2022-21699
 r27465 """
Test that CVEs stay fixed.
"""
from IPython.utils.tempdir import TemporaryDirectory, TemporaryWorkingDirectory
from pathlib import Path
import random
import sys
import os
import string
import subprocess
martinRenou
Pin black in CI...
 r27480
Matthias Bussonnier
Add test for CVE-2022-21699
 r27465 def test_cve_2022_21699():
"""
Here we test CVE-2022-21699.
martinRenou
Pin black in CI...
 r27480 We create a temporary directory, cd into it.
Make a profile file that should not be executed and start IPython in a subprocess,
Matthias Bussonnier
Add test for CVE-2022-21699
 r27465 checking for the value.
"""
martinRenou
Pin black in CI...
 r27480 dangerous_profile_dir = Path("profile_default")
Matthias Bussonnier
Add test for CVE-2022-21699
 r27465
martinRenou
Pin black in CI...
 r27480 dangerous_startup_dir = dangerous_profile_dir / "startup"
dangerous_expected = "CVE-2022-21699-" + "".join(
[random.choice(string.ascii_letters) for i in range(10)]
)
Matthias Bussonnier
Add test for CVE-2022-21699
 r27465
with TemporaryWorkingDirectory() as t:
dangerous_startup_dir.mkdir(parents=True)
gousaiyang
Format code
 r27495 (dangerous_startup_dir / "foo.py").write_text(
f'print("{dangerous_expected}")', encoding="utf-8"
)
Matthias Bussonnier
Add test for CVE-2022-21699
 r27465 # 1 sec to make sure FS is flushed.
martinRenou
Pin black in CI...
 r27480 # time.sleep(1)
cmd = [sys.executable, "-m", "IPython"]
Matthias Bussonnier
Add test for CVE-2022-21699
 r27465 env = os.environ.copy()
martinRenou
Pin black in CI...
 r27480 env["IPY_TEST_SIMPLE_PROMPT"] = "1"
Matthias Bussonnier
Add test for CVE-2022-21699
 r27465
# First we fake old behavior, making sure the profile is/was actually dangerous
martinRenou
Pin black in CI...
 r27480 p_dangerous = subprocess.Popen(
cmd + [f"--profile-dir={dangerous_profile_dir}"],
env=env,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
Matthias Bussonnier
Add test for CVE-2022-21699
 r27465 out_dangerous, err_dangerouns = p_dangerous.communicate(b"exit\r")
assert dangerous_expected in out_dangerous.decode()
# Now that we know it _would_ have been dangerous, we test it's not loaded
martinRenou
Pin black in CI...
 r27480 p = subprocess.Popen(
cmd,
env=env,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
Matthias Bussonnier
Add test for CVE-2022-21699
 r27465 out, err = p.communicate(b"exit\r")
martinRenou
Pin black in CI...
 r27480 assert b"IPython" in out
Matthias Bussonnier
Add test for CVE-2022-21699
 r27465 assert dangerous_expected not in out.decode()
martinRenou
Pin black in CI...
 r27480 assert err == b""