##// END OF EJS Templates
upstream » ipython
RSS

Clone from https://github.com/ipython/ipython.git

Fix CVE-2023-24816 by removing legacy code....
Fix CVE-2023-24816 by removing legacy code. Remove legacy code that might trigger a CVE. Currently set_term_title is only called with (semi-)trusted input that contain the current working directory of the current IPython session. If an attacker can control directory names, and manage to get a user cd into this directory the attacker can execute arbitrary commands contained in the folder names. Example: - On a windows machine where python is built without _ctypes, create a folder called && echo "pwn" > pwn.txt. This can be done by for example cloning a git repository. - call toggled_set_term_title(True), (or have the preference to true) - Open IPython and cd into this directory. - the folder now contain a pwn.txt, with pwn as content, despite the user not asking for any code execution. Workaround: Set the configuration option c.TerminalInteractiveShell.term_title_format='IPython' (or to any other fixed, safe string).
Matthias Bussonnier - - Load All Authors

File last commit:

r27294:ff8ba98b
r28089:991849c2
Show More
extension.py
63 lines | 2.4 KiB | text/x-python | PythonLexer
/ IPython / core / magics / extension.py
History | Annotation | Raw |Copy content |Copy permalink
"""Implementation of magic functions for the extension machinery.
"""
#-----------------------------------------------------------------------------
# Copyright (c) 2012 The IPython Development Team.
#
# Distributed under the terms of the Modified BSD License.
#
# The full license is in the file COPYING.txt, distributed with this software.
#-----------------------------------------------------------------------------
#-----------------------------------------------------------------------------
# Imports
#-----------------------------------------------------------------------------
# Our own packages
from IPython.core.error import UsageError
from IPython.core.magic import Magics, magics_class, line_magic
#-----------------------------------------------------------------------------
# Magic implementation classes
#-----------------------------------------------------------------------------
@magics_class
class ExtensionMagics(Magics):
"""Magics to manage the IPython extensions system."""
@line_magic
def load_ext(self, module_str):
"""Load an IPython extension by its module name."""
if not module_str:
raise UsageError('Missing module name.')
res = self.shell.extension_manager.load_extension(module_str)
if res == 'already loaded':
print("The %s extension is already loaded. To reload it, use:" % module_str)
print(" %reload_ext", module_str)
elif res == 'no load function':
print("The %s module is not an IPython extension." % module_str)
@line_magic
def unload_ext(self, module_str):
"""Unload an IPython extension by its module name.
Not all extensions can be unloaded, only those which define an
``unload_ipython_extension`` function.
"""
if not module_str:
raise UsageError('Missing module name.')
res = self.shell.extension_manager.unload_extension(module_str)
if res == 'no unload function':
print("The %s extension doesn't define how to unload it." % module_str)
elif res == "not loaded":
print("The %s extension is not loaded." % module_str)
@line_magic
def reload_ext(self, module_str):
"""Reload an IPython extension by its module name."""
if not module_str:
raise UsageError('Missing module name.')
self.shell.extension_manager.reload_extension(module_str)