Pin black in CI...
martinRenou -
@@ -1,40 +1,40 b''
1 # This workflow will install Python dependencies, run tests and lint with a variety of Python versions
1 # This workflow will install Python dependencies, run tests and lint with a variety of Python versions
2 # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
2 # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
3
3
4 name: Python package
4 name: Python package
5
5
6 on:
6 on:
7 push:
7 push:
8 branches: [ master, 7.x ]
8 branches: [ master, 7.x ]
9 pull_request:
9 pull_request:
10 branches: [ master, 7.x ]
10 branches: [ master, 7.x ]
11
11
12 jobs:
12 jobs:
13 formatting:
13 formatting:
14
14
15 runs-on: ubuntu-latest
15 runs-on: ubuntu-latest
16 timeout-minutes: 5
16 timeout-minutes: 5
17 strategy:
17 strategy:
18 matrix:
18 matrix:
19 python-version: [3.8]
19 python-version: [3.8]
20
20
21 steps:
21 steps:
22 - uses: actions/checkout@v2
22 - uses: actions/checkout@v2
23 with:
23 with:
24 fetch-depth: 0
24 fetch-depth: 0
25 - name: Set up Python ${{ matrix.python-version }}
25 - name: Set up Python ${{ matrix.python-version }}
26 uses: actions/setup-python@v2
26 uses: actions/setup-python@v2
27 with:
27 with:
28 python-version: ${{ matrix.python-version }}
28 python-version: ${{ matrix.python-version }}
29 - name: Install dependencies
29 - name: Install dependencies
30 run: |
30 run: |
31 python -m pip install --upgrade pip
31 python -m pip install --upgrade pip
32 pip install darker
32 pip install darker black==21.12b0
33 - name: Lint with darker
33 - name: Lint with darker
34 run: |
34 run: |
35 darker -r 60625f241f298b5039cb2debc365db38aa7bb522 --check --diff . || (
35 darker -r 60625f241f298b5039cb2debc365db38aa7bb522 --check --diff . || (
36 echo "Changes need auto-formatting. Run:"
36 echo "Changes need auto-formatting. Run:"
37 echo " darker -r 60625f241f298b5039cb2debc365db38aa7bb522"
37 echo " darker -r 60625f241f298b5039cb2debc365db38aa7bb522"
38 echo "then commit and push changes to fix."
38 echo "then commit and push changes to fix."
39 exit 1
39 exit 1
40 )
40 )
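Review bot: The install step on new line 32 pins `black==21.12b0` but leaves `darker` unpinned, so the formatting job still installs whichever darker release is current on PyPI at run time, and the code executed in CI can change without a commit. Pin it alongside black, e.g. `pip install darker==<PINNED_DARKER_VERSION> black==21.12b0` (placeholder: use the version the project has validated). A short comment above the line, such as `# black pinned so formatter output stays stable; bump deliberately`, would tell the next maintainer why the pin exists.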
@@ -1,56 +1,65 b''
1 """
1 """
2 Test that CVEs stay fixed.
2 Test that CVEs stay fixed.
3 """
3 """
4
4
5 from IPython.utils.tempdir import TemporaryDirectory, TemporaryWorkingDirectory
5 from IPython.utils.tempdir import TemporaryDirectory, TemporaryWorkingDirectory
6 from pathlib import Path
6 from pathlib import Path
7 import random
7 import random
8 import sys
8 import sys
9 import os
9 import os
10 import string
10 import string
11 import subprocess
11 import subprocess
12 import time
12 import time
13
13
14
14 def test_cve_2022_21699():
15 def test_cve_2022_21699():
15 """
16 """
16 Here we test CVE-2022-21699.
17 Here we test CVE-2022-21699.
17
18
18 We create a temporary directory, cd into it.
19 We create a temporary directory, cd into it.
19 Make a profile file that should not be executed and start IPython in a subprocess,
20 Make a profile file that should not be executed and start IPython in a subprocess,
20 checking for the value.
21 checking for the value.
21
22
22
23
23
24
24 """
25 """
25
26
26 dangerous_profile_dir = Path('profile_default')
27 dangerous_profile_dir = Path("profile_default")
27
28
28 dangerous_startup_dir = dangerous_profile_dir / 'startup'
29 dangerous_startup_dir = dangerous_profile_dir / "startup"
29 dangerous_expected = 'CVE-2022-21699-'+''.join([random.choice(string.ascii_letters) for i in range(10)])
30 dangerous_expected = "CVE-2022-21699-" + "".join(
31 [random.choice(string.ascii_letters) for i in range(10)]
32 )
30
33
31 with TemporaryWorkingDirectory() as t:
34 with TemporaryWorkingDirectory() as t:
32 dangerous_startup_dir.mkdir(parents=True)
35 dangerous_startup_dir.mkdir(parents=True)
33 (dangerous_startup_dir/ 'foo.py').write_text(f'print("{dangerous_expected}")')
36 (dangerous_startup_dir / "foo.py").write_text(f'print("{dangerous_expected}")')
34 # 1 sec to make sure FS is flushed.
37 # 1 sec to make sure FS is flushed.
35 #time.sleep(1)
38 # time.sleep(1)
36 cmd = [sys.executable,'-m', 'IPython']
39 cmd = [sys.executable, "-m", "IPython"]
37 env = os.environ.copy()
40 env = os.environ.copy()
38 env['IPY_TEST_SIMPLE_PROMPT'] = '1'
41 env["IPY_TEST_SIMPLE_PROMPT"] = "1"
39
40
42
41 # First we fake old behavior, making sure the profile is/was actually dangerous
43 # First we fake old behavior, making sure the profile is/was actually dangerous
42 p_dangerous = subprocess.Popen(cmd + [f'--profile-dir={dangerous_profile_dir}'], env=env, stdin=subprocess.PIPE,
44 p_dangerous = subprocess.Popen(
43 stdout=subprocess.PIPE, stderr=subprocess.PIPE)
45 cmd + [f"--profile-dir={dangerous_profile_dir}"],
46 env=env,
47 stdin=subprocess.PIPE,
48 stdout=subprocess.PIPE,
49 stderr=subprocess.PIPE,
50 )
44 out_dangerous, err_dangerouns = p_dangerous.communicate(b"exit\r")
51 out_dangerous, err_dangerouns = p_dangerous.communicate(b"exit\r")
45 assert dangerous_expected in out_dangerous.decode()
52 assert dangerous_expected in out_dangerous.decode()
46
53
47 # Now that we know it _would_ have been dangerous, we test it's not loaded
54 # Now that we know it _would_ have been dangerous, we test it's not loaded
48 p = subprocess.Popen(cmd, env=env, stdin=subprocess.PIPE,
55 p = subprocess.Popen(
49 stdout=subprocess.PIPE, stderr=subprocess.PIPE)
56 cmd,
57 env=env,
58 stdin=subprocess.PIPE,
59 stdout=subprocess.PIPE,
60 stderr=subprocess.PIPE,
61 )
50 out, err = p.communicate(b"exit\r")
62 out, err = p.communicate(b"exit\r")
51 assert b'IPython' in out
63 assert b"IPython" in out
52 assert dangerous_expected not in out.decode()
64 assert dangerous_expected not in out.decode()
53 assert err == b''
65 assert err == b""
54
55
56
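Review bot: Both `communicate(b"exit\r")` calls (new lines 51 and 62) run without a timeout, so if the spawned IPython does not exit on that input, this CVE regression test blocks until the runner kills the job instead of failing with a clear message. Passing a bound, e.g. `out, err = p.communicate(b"exit\r", timeout=<SECONDS>)` (placeholder value), and killing the process on `subprocess.TimeoutExpired` would make the failure explicit. The positive control also binds `err_dangerouns`, a misspelled name that is never read; `err_dangerous` or `_` would be clearer. With `# time.sleep(1)` still commented out, the `time` import appears unused in the lines shown.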