Fix CVE-2023-24816 by removing legacy code....
Fix CVE-2023-24816 by removing legacy code. Remove legacy code that might trigger a CVE. Currently set_term_title is only called with (semi-)trusted input that contains the current working directory of the current IPython session. If an attacker can control directory names, and manages to get a user to cd into this directory, the attacker can execute arbitrary commands contained in the folder names. Example: - On a Windows machine where python is built without _ctypes, create a folder called && echo "pwn" > pwn.txt. This can be done by for example cloning a git repository. - call toggled_set_term_title(True), (or have the preference set to true) - Open IPython and cd into this directory. - the folder now contains a pwn.txt, with pwn as content, despite the user not asking for any code execution. Workaround: Set the configuration option c.TerminalInteractiveShell.term_title_format='IPython' (or to any other fixed, safe string).

File last commit:

r28032:3e265595
r28089:991849c2
auto_match.py
"""
Utility functions for keybindings with prompt toolkit.
This will be bound to specific key press and filter modes,
like whether we are in edit mode, and whether the completer is open.
"""
import re
from prompt_toolkit.key_binding import KeyPressEvent
def parenthesis(event: KeyPressEvent):
"""Auto-close parenthesis"""
event.current_buffer.insert_text("()")
event.current_buffer.cursor_left()
def brackets(event: KeyPressEvent):
"""Auto-close brackets"""
event.current_buffer.insert_text("[]")
event.current_buffer.cursor_left()
def braces(event: KeyPressEvent):
"""Auto-close braces"""
event.current_buffer.insert_text("{}")
event.current_buffer.cursor_left()
def double_quote(event: KeyPressEvent):
"""Auto-close double quotes"""
event.current_buffer.insert_text('""')
event.current_buffer.cursor_left()
def single_quote(event: KeyPressEvent):
"""Auto-close single quotes"""
event.current_buffer.insert_text("''")
event.current_buffer.cursor_left()
def docstring_double_quotes(event: KeyPressEvent):
"""Auto-close docstring (double quotes)"""
event.current_buffer.insert_text('""""')
event.current_buffer.cursor_left(3)
def docstring_single_quotes(event: KeyPressEvent):
"""Auto-close docstring (single quotes)"""
event.current_buffer.insert_text("''''")
event.current_buffer.cursor_left(3)
def raw_string_parenthesis(event: KeyPressEvent):
"""Auto-close parenthesis in raw strings"""
matches = re.match(
r".*(r|R)[\"'](-*)",
event.current_buffer.document.current_line_before_cursor,
)
dashes = matches.group(2) if matches else ""
event.current_buffer.insert_text("()" + dashes)
event.current_buffer.cursor_left(len(dashes) + 1)
def raw_string_bracket(event: KeyPressEvent):
"""Auto-close bracker in raw strings"""
matches = re.match(
r".*(r|R)[\"'](-*)",
event.current_buffer.document.current_line_before_cursor,
)
dashes = matches.group(2) if matches else ""
event.current_buffer.insert_text("[]" + dashes)
event.current_buffer.cursor_left(len(dashes) + 1)
def raw_string_braces(event: KeyPressEvent):
"""Auto-close braces in raw strings"""
matches = re.match(
r".*(r|R)[\"'](-*)",
event.current_buffer.document.current_line_before_cursor,
)
dashes = matches.group(2) if matches else ""
event.current_buffer.insert_text("{}" + dashes)
event.current_buffer.cursor_left(len(dashes) + 1)
def skip_over(event: KeyPressEvent):
"""Skip over automatically added parenthesis.
(rather than adding another parenthesis)"""
event.current_buffer.cursor_right()
def delete_pair(event: KeyPressEvent):
"""Delete auto-closed parenthesis"""
event.current_buffer.delete()
event.current_buffer.delete_before_cursor()
# Opening character -> handler that inserts the matching pair (plain context).
auto_match_parens = {
    "(": parenthesis,
    "[": brackets,
    "{": braces,
}
# Opening character -> handler used when the cursor is inside a raw string
# (these variants also copy any dash run that follows the r"/R" prefix).
auto_match_parens_raw_string = {"(": raw_string_parenthesis, "[": raw_string_bracket, "{": raw_string_braces}