upstream/ipython Files · IPython/tests/cve.py

ipython_directive: Adjust doc examples for reproducibility....

ipython_directive: Adjust doc examples for reproducibility. Before this change, building the documentation twice in a row in an environment configured for reproducible bulids would result in discrepancies such as: diff -ru /gnu/store/...-python-ipython-documentation-8.2.0/share/doc/python-ipython-documentation-8.2.0/html/sphinxext.html /gnu/store/...-python-ipython-documentation-8.2.0-check/share/doc/python-ipython-documentation-8.2.0/html/sphinxext.html --- /gnu/store/...-python-ipython-documentation-8.2.0/share/doc/python-ipython-documentation-8.2.0/html/sphinxext.html 1969-12-31 19:00:01.000000000 -0500 +++ /gnu/store/...-python-ipython-documentation-8.2.0-check/share/doc/python-ipython-documentation-8.2.0/html/sphinxext.html 1969-12-31 19:00:01.000000000 -0500 @@ -682,7 +682,7 @@ In [2]: import datetime ...: datetime.datetime.now() ...: -Out[2]: datetime.datetime(2022, 4, 17, 3, 21, 14, 978155) +Out[2]: datetime.datetime(2022, 4, 17, 3, 37, 37, 115081) </pre></div> </div> It supports IPython construct that plain @@ -690,7 +690,7 @@ <div class="highlight-ipython notranslate"><div class="highlight"><pre>In [3]: import time In [4]: %timeit time.sleep(0.05) -50.2 ms +- 104 us per loop (mean +- std. dev. of 7 runs, 10 loops each) +50.1 ms +- 8.86 us per loop (mean +- std. dev. of 7 runs, 10 loops each) </pre></div> </div> This will also support top-level async when using IPython 7.0+ * IPython/sphinxext/ipython_directive.py: Use a fixed date string in the datetime example, and replace the %timeit example by %pdoc, whole output is static.

gousaiyang - - Load All Authors

File last commit:

r27495:1a9d9554


                r27687:71d665c4

Download file

             cve.py
        
                    67 lines
            
             | 2.0 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / IPython / tests / cve.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      """

      Test that CVEs stay fixed. 

      """

      from IPython.utils.tempdir import TemporaryDirectory, TemporaryWorkingDirectory

      from pathlib import Path

      import random

      import sys

      import os

      import string

      import subprocess

      import time

      def test_cve_2022_21699():

          """

          Here we test CVE-2022-21699.

          We create a temporary directory, cd into it.

          Make a profile file that should not be executed and start IPython in a subprocess,

          checking for the value.

          """

          dangerous_profile_dir = Path("profile_default")

          dangerous_startup_dir = dangerous_profile_dir / "startup"

          dangerous_expected = "CVE-2022-21699-" + "".join(

              [random.choice(string.ascii_letters) for i in range(10)]

          )

          with TemporaryWorkingDirectory() as t:

              dangerous_startup_dir.mkdir(parents=True)

              (dangerous_startup_dir / "foo.py").write_text(

                  f'print("{dangerous_expected}")', encoding="utf-8"

              )

              # 1 sec to make sure FS is flushed.

              # time.sleep(1)

              cmd = [sys.executable, "-m", "IPython"]

              env = os.environ.copy()

              env["IPY_TEST_SIMPLE_PROMPT"] = "1"

              # First we fake old behavior, making sure the profile is/was actually dangerous

              p_dangerous = subprocess.Popen(

                  cmd + [f"--profile-dir={dangerous_profile_dir}"],

                  env=env,

                  stdin=subprocess.PIPE,

                  stdout=subprocess.PIPE,

                  stderr=subprocess.PIPE,

              )

              out_dangerous, err_dangerouns = p_dangerous.communicate(b"exit\r")

              assert dangerous_expected in out_dangerous.decode()

              # Now that we know it _would_ have been dangerous, we test it's not loaded

              p = subprocess.Popen(

                  cmd,

                  env=env,

                  stdin=subprocess.PIPE,

                  stdout=subprocess.PIPE,

                  stderr=subprocess.PIPE,

              )

              out, err = p.communicate(b"exit\r")

              assert b"IPython" in out

              assert dangerous_expected not in out.decode()

              assert err == b""

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				"""
				Test that CVEs stay fixed.
				"""

				from IPython.utils.tempdir import TemporaryDirectory, TemporaryWorkingDirectory
				from pathlib import Path
				import random
				import sys
				import os
				import string
				import subprocess
				import time


				def test_cve_2022_21699():
				"""
				Here we test CVE-2022-21699.

				We create a temporary directory, cd into it.
				Make a profile file that should not be executed and start IPython in a subprocess,
				checking for the value.



				"""

				dangerous_profile_dir = Path("profile_default")

				dangerous_startup_dir = dangerous_profile_dir / "startup"
				dangerous_expected = "CVE-2022-21699-" + "".join(
				[random.choice(string.ascii_letters) for i in range(10)]
				)

				with TemporaryWorkingDirectory() as t:
				dangerous_startup_dir.mkdir(parents=True)
				(dangerous_startup_dir / "foo.py").write_text(
				f'print("{dangerous_expected}")', encoding="utf-8"
				)
				# 1 sec to make sure FS is flushed.
				# time.sleep(1)
				cmd = [sys.executable, "-m", "IPython"]
				env = os.environ.copy()
				env["IPY_TEST_SIMPLE_PROMPT"] = "1"

				# First we fake old behavior, making sure the profile is/was actually dangerous
				p_dangerous = subprocess.Popen(
				cmd + [f"--profile-dir={dangerous_profile_dir}"],
				env=env,
				stdin=subprocess.PIPE,
				stdout=subprocess.PIPE,
				stderr=subprocess.PIPE,
				)
				out_dangerous, err_dangerouns = p_dangerous.communicate(b"exit\r")
				assert dangerous_expected in out_dangerous.decode()

				# Now that we know it _would_ have been dangerous, we test it's not loaded
				p = subprocess.Popen(
				cmd,
				env=env,
				stdin=subprocess.PIPE,
				stdout=subprocess.PIPE,
				stderr=subprocess.PIPE,
				)
				out, err = p.communicate(b"exit\r")
				assert b"IPython" in out
				assert dangerous_expected not in out.decode()
				assert err == b""