upstream/ipython Files · IPython/utils/tempdir.py

Fix CVE-2023-24816 by removing legacy code....

Fix CVE-2023-24816 by removing legacy code. Remove legacy code that might trigger a CVE. Currently set_term_title is only called with (semi-)trusted input that contain the current working directory of the current IPython session. If an attacker can control directory names, and manage to get a user cd into this directory the attacker can execute arbitrary commands contained in the folder names. Example: - On a windows machine where python is built without _ctypes, create a folder called && echo "pwn" > pwn.txt. This can be done by for example cloning a git repository. - call toggled_set_term_title(True), (or have the preference to true) - Open IPython and cd into this directory. - the folder now contain a pwn.txt, with pwn as content, despite the user not asking for any code execution. Workaround: Set the configuration option c.TerminalInteractiveShell.term_title_format='IPython' (or to any other fixed, safe string).

Matthias Bussonnier - - Load All Authors

File last commit:

r27747:f5d4e0ac


                r28089:991849c2

Download file

             tempdir.py
        
                    59 lines
            
             | 1.8 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / IPython / utils / tempdir.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      """ This module contains classes - NamedFileInTemporaryDirectory, TemporaryWorkingDirectory.

      These classes add extra features such as creating a named file in temporary directory and

      creating a context manager for the working directory which is also temporary.

      """

      import os as _os

      from pathlib import Path

      from tempfile import TemporaryDirectory

      class NamedFileInTemporaryDirectory(object):

          def __init__(self, filename, mode="w+b", bufsize=-1, add_to_syspath=False, **kwds):

              """

              Open a file named `filename` in a temporary directory.

              This context manager is preferred over `NamedTemporaryFile` in

              stdlib `tempfile` when one needs to reopen the file.

              Arguments `mode` and `bufsize` are passed to `open`.

              Rest of the arguments are passed to `TemporaryDirectory`.

              """

              self._tmpdir = TemporaryDirectory(**kwds)

              path = Path(self._tmpdir.name) / filename

              encoding = None if "b" in mode else "utf-8"

              self.file = open(path, mode, bufsize, encoding=encoding)

          def cleanup(self):

              self.file.close()

              self._tmpdir.cleanup()

          __del__ = cleanup

          def __enter__(self):

              return self.file

          def __exit__(self, type, value, traceback):

              self.cleanup()

      class TemporaryWorkingDirectory(TemporaryDirectory):

          """

          Creates a temporary directory and sets the cwd to that directory.

          Automatically reverts to previous cwd upon cleanup.

          Usage example:

              with TemporaryWorkingDirectory() as tmpdir:

                  ...

          """

          def __enter__(self):

              self.old_wd = Path.cwd()

              _os.chdir(self.name)

              return super(TemporaryWorkingDirectory, self).__enter__()

          def __exit__(self, exc, value, tb):

              _os.chdir(self.old_wd)

              return super(TemporaryWorkingDirectory, self).__exit__(exc, value, tb)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				""" This module contains classes - NamedFileInTemporaryDirectory, TemporaryWorkingDirectory.

				These classes add extra features such as creating a named file in temporary directory and
				creating a context manager for the working directory which is also temporary.
				"""

				import os as _os
				from pathlib import Path
				from tempfile import TemporaryDirectory


				class NamedFileInTemporaryDirectory(object):
				def __init__(self, filename, mode="w+b", bufsize=-1, add_to_syspath=False, **kwds):
				"""
				Open a file named `filename` in a temporary directory.

				This context manager is preferred over `NamedTemporaryFile` in
				stdlib `tempfile` when one needs to reopen the file.

				Arguments `mode` and `bufsize` are passed to `open`.
				Rest of the arguments are passed to `TemporaryDirectory`.

				"""
				self._tmpdir = TemporaryDirectory(**kwds)
				path = Path(self._tmpdir.name) / filename
				encoding = None if "b" in mode else "utf-8"
				self.file = open(path, mode, bufsize, encoding=encoding)

				def cleanup(self):
				self.file.close()
				self._tmpdir.cleanup()

				__del__ = cleanup

				def __enter__(self):
				return self.file

				def __exit__(self, type, value, traceback):
				self.cleanup()


				class TemporaryWorkingDirectory(TemporaryDirectory):
				"""
				Creates a temporary directory and sets the cwd to that directory.
				Automatically reverts to previous cwd upon cleanup.
				Usage example:

				with TemporaryWorkingDirectory() as tmpdir:
				...
				"""

				def __enter__(self):
				self.old_wd = Path.cwd()
				_os.chdir(self.name)
				return super(TemporaryWorkingDirectory, self).__enter__()

				def __exit__(self, exc, value, tb):
				_os.chdir(self.old_wd)
				return super(TemporaryWorkingDirectory, self).__exit__(exc, value, tb)