cve.py
66 lines
| 2.0 KiB
| text/x-python
|
PythonLexer
Matthias Bussonnier
|
r27465 | """ | ||
| Test that CVEs stay fixed. | ||||
| """ | ||||
| from IPython.utils.tempdir import TemporaryDirectory, TemporaryWorkingDirectory | ||||
| from pathlib import Path | ||||
| import random | ||||
| import sys | ||||
| import os | ||||
| import string | ||||
| import subprocess | ||||
martinRenou
|
r27480 | |||
|
Matthias Bussonnier
|
r27465 | def test_cve_2022_21699(): | ||
| """ | ||||
| Here we test CVE-2022-21699. | ||||
|
martinRenou
|
r27480 | We create a temporary directory, cd into it. | ||
| Make a profile file that should not be executed and start IPython in a subprocess, | ||||
|
Matthias Bussonnier
|
r27465 | checking for the value. | ||
| """ | ||||
|
martinRenou
|
r27480 | dangerous_profile_dir = Path("profile_default") | ||
|
Matthias Bussonnier
|
r27465 | |||
|
martinRenou
|
r27480 | dangerous_startup_dir = dangerous_profile_dir / "startup" | ||
| dangerous_expected = "CVE-2022-21699-" + "".join( | ||||
| [random.choice(string.ascii_letters) for i in range(10)] | ||||
| ) | ||||
|
Matthias Bussonnier
|
r27465 | |||
| with TemporaryWorkingDirectory() as t: | ||||
| dangerous_startup_dir.mkdir(parents=True) | ||||
gousaiyang
|
r27495 | (dangerous_startup_dir / "foo.py").write_text( | ||
| f'print("{dangerous_expected}")', encoding="utf-8" | ||||
| ) | ||||
|
Matthias Bussonnier
|
r27465 | # 1 sec to make sure FS is flushed. | ||
|
martinRenou
|
r27480 | # time.sleep(1) | ||
| cmd = [sys.executable, "-m", "IPython"] | ||||
|
Matthias Bussonnier
|
r27465 | env = os.environ.copy() | ||
|
martinRenou
|
r27480 | env["IPY_TEST_SIMPLE_PROMPT"] = "1" | ||
|
Matthias Bussonnier
|
r27465 | |||
| # First we fake old behavior, making sure the profile is/was actually dangerous | ||||
|
martinRenou
|
r27480 | p_dangerous = subprocess.Popen( | ||
| cmd + [f"--profile-dir={dangerous_profile_dir}"], | ||||
| env=env, | ||||
| stdin=subprocess.PIPE, | ||||
| stdout=subprocess.PIPE, | ||||
| stderr=subprocess.PIPE, | ||||
| ) | ||||
|
Matthias Bussonnier
|
r27465 | out_dangerous, err_dangerouns = p_dangerous.communicate(b"exit\r") | ||
| assert dangerous_expected in out_dangerous.decode() | ||||
| # Now that we know it _would_ have been dangerous, we test it's not loaded | ||||
|
martinRenou
|
r27480 | p = subprocess.Popen( | ||
| cmd, | ||||
| env=env, | ||||
| stdin=subprocess.PIPE, | ||||
| stdout=subprocess.PIPE, | ||||
| stderr=subprocess.PIPE, | ||||
| ) | ||||
|
Matthias Bussonnier
|
r27465 | out, err = p.communicate(b"exit\r") | ||
|
martinRenou
|
r27480 | assert b"IPython" in out | ||
|
Matthias Bussonnier
|
r27465 | assert dangerous_expected not in out.decode() | ||
|
martinRenou
|
r27480 | assert err == b"" | ||