"""
Test that CVEs stay fixed. 
"""

from IPython.utils.tempdir import TemporaryDirectory, TemporaryWorkingDirectory
from pathlib import Path
import random
import sys
import os
import string
import subprocess
import time


def test_cve_2022_21699():
    """
    Here we test CVE-2022-21699.

    We create a temporary directory, cd into it.
    Make a profile file that should not be executed and start IPython in a subprocess,
    checking for the value.



    """

    dangerous_profile_dir = Path("profile_default")

    dangerous_startup_dir = dangerous_profile_dir / "startup"
    dangerous_expected = "CVE-2022-21699-" + "".join(
        [random.choice(string.ascii_letters) for i in range(10)]
    )

    with TemporaryWorkingDirectory() as t:
        dangerous_startup_dir.mkdir(parents=True)
        (dangerous_startup_dir / "foo.py").write_text(
            f'print("{dangerous_expected}")', encoding="utf-8"
        )
        # 1 sec to make sure FS is flushed.
        # time.sleep(1)
        cmd = [sys.executable, "-m", "IPython"]
        env = os.environ.copy()
        env["IPY_TEST_SIMPLE_PROMPT"] = "1"

        # First we fake old behavior, making sure the profile is/was actually dangerous
        p_dangerous = subprocess.Popen(
            cmd + [f"--profile-dir={dangerous_profile_dir}"],
            env=env,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )
        out_dangerous, err_dangerouns = p_dangerous.communicate(b"exit\r")
        assert dangerous_expected in out_dangerous.decode()

        # Now that we know it _would_ have been dangerous, we test it's not loaded
        p = subprocess.Popen(
            cmd,
            env=env,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )
        out, err = p.communicate(b"exit\r")
        assert b"IPython" in out
        assert dangerous_expected not in out.decode()
        assert err == b""