##// END OF EJS Templates
upstream » ipython
RSS

Clone from https://github.com/ipython/ipython.git

%time magic displays output even when code ends in semicolon #13837 (#13841)...
%time magic displays output even when code ends in semicolon #13837 (#13841) After the magic is evaluated and the result is calculated, the modification tests whether the evaluated magic was _time_ and whether semicolon is the final character. The result is killed if both things happen. My choice would be to remove the _time_ test, so a semicolon would prevent the print of the output of any magic, but this is only a suggestion I keep open. I did not write any automated test, but I can do that once (and if) the solution is accepted. [#13837](https://github.com/ipython/ipython/issues/13837) points to [#10227](https://github.com/ipython/ipython/issues/10227) (_Cell magic result in printing the last evaluated line even if followed by semicolon_). There, somebody says that ';' may be a meaningful character because we could have a C++ expression, for instance. The IPython repository says the documentation for other languages is in Jupyter. I ran Jupyter on my browser with C++ and saw that a semicolon after the last statement prevents the output to be printed (a semicolon between 2 statements in a cell seems to be necessary, though). See attached file for simple examples. Therefore, it seems that the semicolon at the end in C++ already behaves the same way that in Python and is not required by the interpreter. ![IPython_Cpp](https://user-images.githubusercontent.com/5789832/203915670-513514d6-70a4-4efa-b4f4-9a8293d5a1ff.png)
Matthias Bussonnier - - Load All Authors

File last commit:

r27764:aefe51c6
r28070:87de97f2 merge
Show More
cve.py
66 lines | 2.0 KiB | text/x-python | PythonLexer
/ IPython / tests / cve.py
History | Annotation | Raw |Copy content |Copy permalink
"""
Test that CVEs stay fixed.
"""
from IPython.utils.tempdir import TemporaryDirectory, TemporaryWorkingDirectory
from pathlib import Path
import random
import sys
import os
import string
import subprocess
def test_cve_2022_21699():
"""
Here we test CVE-2022-21699.
We create a temporary directory, cd into it.
Make a profile file that should not be executed and start IPython in a subprocess,
checking for the value.
"""
dangerous_profile_dir = Path("profile_default")
dangerous_startup_dir = dangerous_profile_dir / "startup"
dangerous_expected = "CVE-2022-21699-" + "".join(
[random.choice(string.ascii_letters) for i in range(10)]
)
with TemporaryWorkingDirectory() as t:
dangerous_startup_dir.mkdir(parents=True)
(dangerous_startup_dir / "foo.py").write_text(
f'print("{dangerous_expected}")', encoding="utf-8"
)
# 1 sec to make sure FS is flushed.
# time.sleep(1)
cmd = [sys.executable, "-m", "IPython"]
env = os.environ.copy()
env["IPY_TEST_SIMPLE_PROMPT"] = "1"
# First we fake old behavior, making sure the profile is/was actually dangerous
p_dangerous = subprocess.Popen(
cmd + [f"--profile-dir={dangerous_profile_dir}"],
env=env,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
out_dangerous, err_dangerouns = p_dangerous.communicate(b"exit\r")
assert dangerous_expected in out_dangerous.decode()
# Now that we know it _would_ have been dangerous, we test it's not loaded
p = subprocess.Popen(
cmd,
env=env,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
out, err = p.communicate(b"exit\r")
assert b"IPython" in out
assert dangerous_expected not in out.decode()
assert err == b""