Fix CVE-2023-24816 by removing legacy code....
Fix CVE-2023-24816 by removing legacy code. Remove legacy code that might trigger a CVE. Currently set_term_title is only called with (semi-)trusted input that contains the current working directory of the current IPython session. If an attacker can control directory names and manages to get a user to cd into such a directory, the attacker can execute arbitrary commands contained in the folder names. Example: - On a Windows machine where python is built without _ctypes, create a folder called && echo "pwn" > pwn.txt. This can be done, for example, by cloning a git repository. - Call toggled_set_term_title(True) (or have the preference set to true). - Open IPython and cd into this directory. - The folder now contains a pwn.txt with pwn as content, despite the user not asking for any code execution. Workaround: Set the configuration option c.TerminalInteractiveShell.term_title_format='IPython' (or to any other fixed, safe string).

test_dir2.py
from IPython.utils.dir2 import dir2
import pytest
class Base:
    """Minimal fixture class exposing two class attributes for the dir2 tests."""

    x = 1
    z = 23
def test_base():
    """dir2 on a plain instance lists class attributes and dunders, each once."""
    names = dir2(Base())
    for expected in ("x", "z", "__class__"):
        assert expected in names
    assert "y" not in names
    # Entries must not be duplicated in the listing.
    for unique in ("x", "__class__"):
        assert names.count(unique) == 1
def test_SubClass():
    """Attributes added by a subclass are listed alongside inherited ones, once each."""

    class SubClass(Base):
        y = 2

    names = dir2(SubClass())
    assert "y" in names
    for unique in ("y", "x"):
        assert names.count(unique) == 1
def test_SubClass_with_trait_names_attr():
    """A plain ``trait_names`` attribute is listed like any other attribute.

    Use case: ``trait_names`` is a legitimate attribute name in a class
    describing psychological classification.
    """

    class SubClass(Base):
        y = 2
        trait_names = 44

    assert "trait_names" in dir2(SubClass())
def test_misbehaving_object_without_trait_names():
    """dir2 must not raise when ``__getattr__`` raises something other than
    AttributeError on a bad lookup, with or without a custom ``__dir__``."""

    class MisbehavingGetattr:
        def __getattr__(self, attr):
            raise KeyError("I should be caught")

        def some_method(self):
            return True

    class SillierWithDir(MisbehavingGetattr):
        def __dir__(self):
            return ["some_method"]

    for klass in (MisbehavingGetattr, SillierWithDir):
        instance = klass()
        # Sanity-check the fixture: real methods work, unknown names raise KeyError.
        assert instance.some_method()
        with pytest.raises(KeyError):
            instance.other_method()
        assert "some_method" in dir2(instance)