##// END OF EJS Templates
Fix #13654, improve performance of auto match for quotes...
Fix #13654, improve performance of auto match for quotes As pointed out in #13654, auto matching of quotes may take a long time if the prefix is long. To be more precise, the longer the text before the first quote, the slower it is. This is all caused by the regex pattern used: `r'^([^"]+|"[^"]*")*$'`, which I suspect is O(2^N) slow. ```python In [1]: text = "function_with_long_nameeee('arg" In [2]: import re In [3]: pattern = re.compile(r"^([^']+|'[^']*')*$") In [4]: %timeit pattern.match(text) 10.3 s ± 67.2 ms per loop (mean ± std. dev. of 7 runs, 1 loop each) In [5]: %timeit pattern.match("1'") 312 ns ± 0.775 ns per loop (mean ± std. dev. of 7 runs, 1,000,000 loops each) In [6]: %timeit pattern.match("12'") 462 ns ± 1.95 ns per loop (mean ± std. dev. of 7 runs, 1,000,000 loops each) In [7]: %timeit pattern.match("123'") 766 ns ± 6.32 ns per loop (mean ± std. dev. of 7 runs, 1,000,000 loops each) In [8]: %timeit pattern.match("1234'") 1.59 µs ± 20.9 ns per loop (mean ± std. dev. of 7 runs, 1,000,000 loops each) ``` But the pattern we want here can actually be detected with a Python implemention in O(N) time.

File last commit:

r27495:1a9d9554
r27762:c179c2a5
Show More
cve.py
67 lines | 2.0 KiB | text/x-python | PythonLexer
"""
Test that CVEs stay fixed.
"""
from IPython.utils.tempdir import TemporaryDirectory, TemporaryWorkingDirectory
from pathlib import Path
import random
import sys
import os
import string
import subprocess
import time
def test_cve_2022_21699():
"""
Here we test CVE-2022-21699.
We create a temporary directory, cd into it.
Make a profile file that should not be executed and start IPython in a subprocess,
checking for the value.
"""
dangerous_profile_dir = Path("profile_default")
dangerous_startup_dir = dangerous_profile_dir / "startup"
dangerous_expected = "CVE-2022-21699-" + "".join(
[random.choice(string.ascii_letters) for i in range(10)]
)
with TemporaryWorkingDirectory() as t:
dangerous_startup_dir.mkdir(parents=True)
(dangerous_startup_dir / "foo.py").write_text(
f'print("{dangerous_expected}")', encoding="utf-8"
)
# 1 sec to make sure FS is flushed.
# time.sleep(1)
cmd = [sys.executable, "-m", "IPython"]
env = os.environ.copy()
env["IPY_TEST_SIMPLE_PROMPT"] = "1"
# First we fake old behavior, making sure the profile is/was actually dangerous
p_dangerous = subprocess.Popen(
cmd + [f"--profile-dir={dangerous_profile_dir}"],
env=env,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
out_dangerous, err_dangerouns = p_dangerous.communicate(b"exit\r")
assert dangerous_expected in out_dangerous.decode()
# Now that we know it _would_ have been dangerous, we test it's not loaded
p = subprocess.Popen(
cmd,
env=env,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
out, err = p.communicate(b"exit\r")
assert b"IPython" in out
assert dangerous_expected not in out.decode()
assert err == b""