@@ -29,7 +29,7 b' jobs:' | |||||
29 | - name: Install dependencies |
|
29 | - name: Install dependencies | |
30 | run: | |
|
30 | run: | | |
31 | python -m pip install --upgrade pip |
|
31 | python -m pip install --upgrade pip | |
32 | pip install darker |
|
32 | pip install darker black==21.12b0 | |
33 | - name: Lint with darker |
|
33 | - name: Lint with darker | |
34 | run: | |
|
34 | run: | | |
35 | darker -r 60625f241f298b5039cb2debc365db38aa7bb522 --check --diff . || ( |
|
35 | darker -r 60625f241f298b5039cb2debc365db38aa7bb522 --check --diff . || ( |
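Review bot: The new install line `pip install darker black==21.12b0` pins black but leaves darker floating, so the lint job still installs whatever darker release is current on PyPI at run time. That keeps the check non-reproducible and lets a new or compromised upstream release change what runs in CI. Pin darker to a version the project has tested, for example `pip install darker==<tested-version> black==21.12b0`, where the darker version is a placeholder to fill in. A short comment above the line saying why black is held at 21.12b0 would also help the next maintainer. The `run: |` block of the lint step continues past the end of this hunk.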
@@ -11,6 +11,7 b' import string' | |||||
11 | import subprocess |
|
11 | import subprocess | |
12 | import time |
|
12 | import time | |
13 |
|
13 | |||
|
14 | ||||
14 | def test_cve_2022_21699(): |
|
15 | def test_cve_2022_21699(): | |
15 | """ |
|
16 | """ | |
16 | Here we test CVE-2022-21699. |
|
17 | Here we test CVE-2022-21699. | |
@@ -23,34 +24,42 b' def test_cve_2022_21699():' | |||||
23 |
|
24 | |||
24 | """ |
|
25 | """ | |
25 |
|
26 | |||
26 |
dangerous_profile_dir = Path( |
|
27 | dangerous_profile_dir = Path("profile_default") | |
27 |
|
28 | |||
28 |
dangerous_startup_dir = dangerous_profile_dir / |
|
29 | dangerous_startup_dir = dangerous_profile_dir / "startup" | |
29 | dangerous_expected = 'CVE-2022-21699-'+''.join([random.choice(string.ascii_letters) for i in range(10)]) |
|
30 | dangerous_expected = "CVE-2022-21699-" + "".join( | |
|
31 | [random.choice(string.ascii_letters) for i in range(10)] | |||
|
32 | ) | |||
30 |
|
33 | |||
31 | with TemporaryWorkingDirectory() as t: |
|
34 | with TemporaryWorkingDirectory() as t: | |
32 | dangerous_startup_dir.mkdir(parents=True) |
|
35 | dangerous_startup_dir.mkdir(parents=True) | |
33 |
(dangerous_startup_dir/ |
|
36 | (dangerous_startup_dir / "foo.py").write_text(f'print("{dangerous_expected}")') | |
34 | # 1 sec to make sure FS is flushed. |
|
37 | # 1 sec to make sure FS is flushed. | |
35 | #time.sleep(1) |
|
38 | # time.sleep(1) | |
36 |
cmd = [sys.executable, |
|
39 | cmd = [sys.executable, "-m", "IPython"] | |
37 | env = os.environ.copy() |
|
40 | env = os.environ.copy() | |
38 |
env[ |
|
41 | env["IPY_TEST_SIMPLE_PROMPT"] = "1" | |
39 |
|
||||
40 |
|
42 | |||
41 | # First we fake old behavior, making sure the profile is/was actually dangerous |
|
43 | # First we fake old behavior, making sure the profile is/was actually dangerous | |
42 | p_dangerous = subprocess.Popen(cmd + [f'--profile-dir={dangerous_profile_dir}'], env=env, stdin=subprocess.PIPE, |
|
44 | p_dangerous = subprocess.Popen( | |
43 | stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
|
45 | cmd + [f"--profile-dir={dangerous_profile_dir}"], | |
|
46 | env=env, | |||
|
47 | stdin=subprocess.PIPE, | |||
|
48 | stdout=subprocess.PIPE, | |||
|
49 | stderr=subprocess.PIPE, | |||
|
50 | ) | |||
44 | out_dangerous, err_dangerouns = p_dangerous.communicate(b"exit\r") |
|
51 | out_dangerous, err_dangerouns = p_dangerous.communicate(b"exit\r") | |
45 | assert dangerous_expected in out_dangerous.decode() |
|
52 | assert dangerous_expected in out_dangerous.decode() | |
46 |
|
53 | |||
47 | # Now that we know it _would_ have been dangerous, we test it's not loaded |
|
54 | # Now that we know it _would_ have been dangerous, we test it's not loaded | |
48 |
p = subprocess.Popen( |
|
55 | p = subprocess.Popen( | |
49 | stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
|
56 | cmd, | |
|
57 | env=env, | |||
|
58 | stdin=subprocess.PIPE, | |||
|
59 | stdout=subprocess.PIPE, | |||
|
60 | stderr=subprocess.PIPE, | |||
|
61 | ) | |||
50 | out, err = p.communicate(b"exit\r") |
|
62 | out, err = p.communicate(b"exit\r") | |
51 |
assert b |
|
63 | assert b"IPython" in out | |
52 | assert dangerous_expected not in out.decode() |
|
64 | assert dangerous_expected not in out.decode() | |
53 |
assert err == b |
|
65 | assert err == b"" | |
54 |
|
||||
55 |
|
||||
56 |
|
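Review bot: Both `communicate(b"exit\r")` calls in the reformatted `test_cve_2022_21699` body run without a timeout, so if the spawned IPython process does not exit on that input, the regression test for this CVE blocks the whole CI job instead of failing. Passing a bound such as `p.communicate(b"exit\r", timeout=<seconds>)` turns a hang into a visible failure; the same applies to `p_dangerous`. In the first call the stderr result is bound to the misspelled `err_dangerouns` and never checked; either rename it to `err_dangerous` and assert on it, or bind it to `_`. The `# 1 sec to make sure FS is flushed.` comment now describes only the commented-out `# time.sleep(1)`, so both lines can be dropped. The function's signature and docstring start in the previous hunk.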