@@ -0,0 +1,56 b'' | |||||
|
1 | """ | |||
|
2 | Test that CVEs stay fixed. | |||
|
3 | """ | |||
|
4 | ||||
|
5 | from IPython.utils.tempdir import TemporaryDirectory, TemporaryWorkingDirectory | |||
|
6 | from pathlib import Path | |||
|
7 | import random | |||
|
8 | import sys | |||
|
9 | import os | |||
|
10 | import string | |||
|
11 | import subprocess | |||
|
12 | import time | |||
|
13 | ||||
|
14 | def test_cve_2022_21699(): | |||
|
15 | """ | |||
|
16 | Here we test CVE-2022-21699. | |||
|
17 | ||||
|
18 | We create a temporary directory, cd into it. | |||
|
19 | Make a profile file that should not be executed and start IPython in a subprocess, | |||
|
20 | checking for the value. | |||
|
21 | ||||
|
22 | ||||
|
23 | ||||
|
24 | """ | |||
|
25 | ||||
|
26 | dangerous_profile_dir = Path('profile_default') | |||
|
27 | ||||
|
28 | dangerous_startup_dir = dangerous_profile_dir / 'startup' | |||
|
29 | dangerous_expected = 'CVE-2022-21699-'+''.join([random.choice(string.ascii_letters) for i in range(10)]) | |||
|
30 | ||||
|
31 | with TemporaryWorkingDirectory() as t: | |||
|
32 | dangerous_startup_dir.mkdir(parents=True) | |||
|
33 | (dangerous_startup_dir/ 'foo.py').write_text(f'print("{dangerous_expected}")') | |||
|
34 | # 1 sec to make sure FS is flushed. | |||
|
35 | #time.sleep(1) | |||
|
36 | cmd = [sys.executable,'-m', 'IPython'] | |||
|
37 | env = os.environ.copy() | |||
|
38 | env['IPY_TEST_SIMPLE_PROMPT'] = '1' | |||
|
39 | ||||
|
40 | ||||
|
41 | # First we fake old behavior, making sure the profile is/was actually dangerous | |||
|
42 | p_dangerous = subprocess.Popen(cmd + [f'--profile-dir={dangerous_profile_dir}'], env=env, stdin=subprocess.PIPE, | |||
|
43 | stdout=subprocess.PIPE, stderr=subprocess.PIPE) | |||
|
44 | out_dangerous, err_dangerouns = p_dangerous.communicate(b"exit\r") | |||
|
45 | assert dangerous_expected in out_dangerous.decode() | |||
|
46 | ||||
|
47 | # Now that we know it _would_ have been dangerous, we test it's not loaded | |||
|
48 | p = subprocess.Popen(cmd, env=env, stdin=subprocess.PIPE, | |||
|
49 | stdout=subprocess.PIPE, stderr=subprocess.PIPE) | |||
|
50 | out, err = p.communicate(b"exit\r") | |||
|
51 | assert b'IPython' in out | |||
|
52 | assert dangerous_expected not in out.decode() | |||
|
53 | assert err == b'' | |||
|
54 | ||||
|
55 | ||||
|
56 |
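Review bot: Neither `communicate(b"exit\r")` call (new lines 44 and 50) carries a `timeout`, so an IPython process that never reaches its prompt makes this test hang rather than fail; `out, err = p.communicate(b"exit\r", timeout=60)` would surface that as an error. The second run inherits the caller's environment with only `IPY_TEST_SIMPLE_PROMPT` set, so the default profile presumably resolves against the developer's real IPython directory, and any startup file there would break the `err == b''` and marker checks; setting `env['IPYTHONDIR']` to a separate, empty `TemporaryDirectory()` (not `t`, which holds the planted profile) would isolate the check. `TemporaryDirectory` and `time` are otherwise unused now that `time.sleep(1)` is commented out, and `err_dangerouns` is a misspelt name for a value that is never read.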
@@ -65,6 +65,10 b" __author__ = '%s <%s>' % (release.author, release.author_email)" | |||||
65 | __license__ = release.license |
|
65 | __license__ = release.license | |
66 | __version__ = release.version |
|
66 | __version__ = release.version | |
67 | version_info = release.version_info |
|
67 | version_info = release.version_info | |
|
68 | # list of CVEs that should have been patched in this release. | |||
|
69 | # this is informational and should not be relied upon. | |||
|
70 | __patched_cves__ = {"CVE-2022-21699"} | |||
|
71 | ||||
68 |
|
72 | |||
69 | def embed_kernel(module=None, local_ns=None, **kwargs): |
|
73 | def embed_kernel(module=None, local_ns=None, **kwargs): | |
70 | """Embed and start an IPython kernel in a given scope. |
|
74 | """Embed and start an IPython kernel in a given scope. |
@@ -133,7 +133,7 b' class BaseIPythonApplication(Application):' | |||||
133 | config_file_paths = List(Unicode()) |
|
133 | config_file_paths = List(Unicode()) | |
134 | @default('config_file_paths') |
|
134 | @default('config_file_paths') | |
135 | def _config_file_paths_default(self): |
|
135 | def _config_file_paths_default(self): | |
136 |
return [ |
|
136 | return [] | |
137 |
|
137 | |||
138 | extra_config_file = Unicode( |
|
138 | extra_config_file = Unicode( | |
139 | help="""Path to an extra config file to load. |
|
139 | help="""Path to an extra config file to load. |
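Review bot: The new default on line 136 drops the working directory from the config search path without a word in the code saying why, which invites a future "restore" of the old behaviour; a comment such as `# Never search os.getcwd(): a config file dropped into the working directory must not be loaded (CVE-2022-21699).` above the `return []` would pin the intent. The same missing rationale applies to the `paths = [ipython_dir]` line in the ProfileDir hunk below. The removed line is truncated to `return [` in this rendering, so what else it listed besides the working directory is not visible here; if `ipython_dir` was part of it, the comment should also say where that path is now contributed. The method body is fully within the hunk.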
@@ -181,9 +181,10 b' class ProfileList(Application):' | |||||
181 | profiles = list_profiles_in(os.getcwd()) |
|
181 | profiles = list_profiles_in(os.getcwd()) | |
182 | if profiles: |
|
182 | if profiles: | |
183 | print() |
|
183 | print() | |
184 | print("Available profiles in current directory (%s):" % os.getcwd()) |
|
184 | print( | |
185 | self._print_profiles(profiles) |
|
185 | "Profiles from CWD have been removed for security reason, see CVE-2022-21699:" | |
186 |
|
186 | ) | ||
|
187 | ||||
187 | print() |
|
188 | print() | |
188 | print("To use any of the above profiles, start IPython with:") |
|
189 | print("To use any of the above profiles, start IPython with:") | |
189 | print(" ipython --profile=<name>") |
|
190 | print(" ipython --profile=<name>") |
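Review bot: The new message on line 185 ends with a colon but nothing follows it now that `self._print_profiles(profiles)` is gone, and the unchanged lines 188-190 still say "To use any of the above profiles", which no longer refers to anything in the CWD case; `"Profiles found in the current directory are no longer listed or loaded for security reasons, see CVE-2022-21699."` (no trailing colon, plural "reasons") reads correctly on its own. Whether lines 188-190 also serve an ipython_dir listing above cannot be seen from this hunk; if they do, printing the CWD notice after them would keep "the above profiles" pointing at the ones actually listed. The enclosing method starts before the hunk.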
@@ -186,7 +186,7 b' class ProfileDir(LoggingConfigurable):' | |||||
186 | is not found, a :class:`ProfileDirError` exception will be raised. |
|
186 | is not found, a :class:`ProfileDirError` exception will be raised. | |
187 |
|
187 | |||
188 | The search path algorithm is: |
|
188 | The search path algorithm is: | |
189 | 1. ``os.getcwd()`` |
|
189 | 1. ``os.getcwd()`` # removed for security reason. | |
190 | 2. ``ipython_dir`` |
|
190 | 2. ``ipython_dir`` | |
191 |
|
191 | |||
192 | Parameters |
|
192 | Parameters | |
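Review bot: Line 189 keeps ``os.getcwd()`` as search step 1 with a `#`-style remark appended, but this is a docstring, so the `#` is rendered as plain text and the algorithm still reads as if the working directory were searched first; drop that item, renumber so that ``ipython_dir`` is the only step, and add a separate sentence such as `The current working directory is deliberately not searched (CVE-2022-21699).` The class docstring continues outside the hunk.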
@@ -198,7 +198,7 b' class ProfileDir(LoggingConfigurable):' | |||||
198 | will be "profile_<profile>". |
|
198 | will be "profile_<profile>". | |
199 | """ |
|
199 | """ | |
200 | dirname = u'profile_' + name |
|
200 | dirname = u'profile_' + name | |
201 |
paths = [ |
|
201 | paths = [ipython_dir] | |
202 | for p in paths: |
|
202 | for p in paths: | |
203 | profile_dir = os.path.join(p, dirname) |
|
203 | profile_dir = os.path.join(p, dirname) | |
204 | if os.path.isdir(profile_dir): |
|
204 | if os.path.isdir(profile_dir): |
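Review bot: With `paths = [ipython_dir]` on line 201 the `for p in paths:` loop iterates exactly one candidate, so the loop is now vestigial and still reads like a multi-location search; `profile_dir = os.path.join(ipython_dir, dirname)` followed by the existing `if os.path.isdir(profile_dir):` says the same thing plainly. The rest of the method, including anything that uses `paths` or the loop variable after the `isdir` check, lies outside the hunk, so keep the loop if later lines depend on it. The removed line is truncated to `paths = [` in this rendering.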
@@ -2,6 +2,14 b'' | |||||
2 | 7.x Series |
|
2 | 7.x Series | |
3 | ============ |
|
3 | ============ | |
4 |
|
4 | |||
|
5 | ======= | |||
|
6 | .. _version 7.16.3: | |||
|
7 | ||||
|
8 | IPython 7.16.3 (CVE-2022-21699) | |||
|
9 | =============================== | |||
|
10 | ||||
|
11 | Fixed CVE-2022-21699, see IPython 8.0.1 release notes for informations. | |||
|
12 | ||||
5 | .. _version 716: |
|
13 | .. _version 716: | |
6 |
|
14 | |||
7 | IPython 7.16.1, 7.16.2 |
|
15 | IPython 7.16.1, 7.16.2 |