123 lines
4.3 KiB
Diff
123 lines
4.3 KiB
Diff
From 8fc8c45b6717be58ad927def1bf3ea05c83cab8c Mon Sep 17 00:00:00 2001
|
|
From: Serhiy Storchaka <storchaka@gmail.com>
|
|
Date: Wed, 17 Jan 2024 16:28:17 +0200
|
|
Subject: [PATCH] [3.9] gh-113659: Skip hidden .pth files (GH-113660)
|
|
(GH-114146)
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
(cherry picked from commit 74208ed0c440244fb809d8acc97cb9ef51e888e3)
|
|
|
|
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
|
|
---
|
|
Lib/site.py | 11 +++++-
|
|
Lib/test/test_site.py | 39 +++++++++++++++++++
|
|
...-01-02-19-52-23.gh-issue-113659.DkmnQc.rst | 1 +
|
|
3 files changed, 50 insertions(+), 1 deletion(-)
|
|
create mode 100644 Misc/NEWS.d/next/Security/2024-01-02-19-52-23.gh-issue-113659.DkmnQc.rst
|
|
|
|
diff --git a/Lib/site.py b/Lib/site.py
|
|
index 9e617afb00..54ffc4fdc0 100644
|
|
--- a/Lib/site.py
|
|
+++ b/Lib/site.py
|
|
@@ -74,6 +74,7 @@
|
|
import builtins
|
|
import _sitebuiltins
|
|
import io
|
|
+import stat
|
|
|
|
# Prefixes for site-packages; add additional prefixes like /usr/local here
|
|
PREFIXES = [sys.prefix, sys.exec_prefix]
|
|
@@ -156,6 +157,13 @@ def addpackage(sitedir, name, known_paths):
|
|
else:
|
|
reset = False
|
|
fullname = os.path.join(sitedir, name)
|
|
+ try:
|
|
+ st = os.lstat(fullname)
|
|
+ except OSError:
|
|
+ return
|
|
+ if ((getattr(st, 'st_flags', 0) & stat.UF_HIDDEN) or
|
|
+ (getattr(st, 'st_file_attributes', 0) & stat.FILE_ATTRIBUTE_HIDDEN)):
|
|
+ return
|
|
try:
|
|
f = io.TextIOWrapper(io.open_code(fullname))
|
|
except OSError:
|
|
@@ -203,7 +211,8 @@ def addsitedir(sitedir, known_paths=None):
|
|
names = os.listdir(sitedir)
|
|
except OSError:
|
|
return
|
|
- names = [name for name in names if name.endswith(".pth")]
|
|
+ names = [name for name in names
|
|
+ if name.endswith(".pth") and not name.startswith(".")]
|
|
for name in sorted(names):
|
|
addpackage(sitedir, name, known_paths)
|
|
if reset:
|
|
diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py
|
|
index 3d25d7e473..e578cd7db3 100644
|
|
--- a/Lib/test/test_site.py
|
|
+++ b/Lib/test/test_site.py
|
|
@@ -16,6 +16,7 @@
|
|
import os
|
|
import re
|
|
import shutil
|
|
+import stat
|
|
import subprocess
|
|
import sys
|
|
import sysconfig
|
|
@@ -185,6 +186,44 @@ def test_addsitedir(self):
|
|
finally:
|
|
pth_file.cleanup()
|
|
|
|
+ def test_addsitedir_dotfile(self):
|
|
+ pth_file = PthFile('.dotfile')
|
|
+ pth_file.cleanup(prep=True)
|
|
+ try:
|
|
+ pth_file.create()
|
|
+ site.addsitedir(pth_file.base_dir, set())
|
|
+ self.assertNotIn(site.makepath(pth_file.good_dir_path)[0], sys.path)
|
|
+ self.assertIn(pth_file.base_dir, sys.path)
|
|
+ finally:
|
|
+ pth_file.cleanup()
|
|
+
|
|
+ @unittest.skipUnless(hasattr(os, 'chflags'), 'test needs os.chflags()')
|
|
+ def test_addsitedir_hidden_flags(self):
|
|
+ pth_file = PthFile()
|
|
+ pth_file.cleanup(prep=True)
|
|
+ try:
|
|
+ pth_file.create()
|
|
+ st = os.stat(pth_file.file_path)
|
|
+ os.chflags(pth_file.file_path, st.st_flags | stat.UF_HIDDEN)
|
|
+ site.addsitedir(pth_file.base_dir, set())
|
|
+ self.assertNotIn(site.makepath(pth_file.good_dir_path)[0], sys.path)
|
|
+ self.assertIn(pth_file.base_dir, sys.path)
|
|
+ finally:
|
|
+ pth_file.cleanup()
|
|
+
|
|
+ @unittest.skipUnless(sys.platform == 'win32', 'test needs Windows')
|
|
+ def test_addsitedir_hidden_file_attribute(self):
|
|
+ pth_file = PthFile()
|
|
+ pth_file.cleanup(prep=True)
|
|
+ try:
|
|
+ pth_file.create()
|
|
+ subprocess.check_call(['attrib', '+H', pth_file.file_path])
|
|
+ site.addsitedir(pth_file.base_dir, set())
|
|
+ self.assertNotIn(site.makepath(pth_file.good_dir_path)[0], sys.path)
|
|
+ self.assertIn(pth_file.base_dir, sys.path)
|
|
+ finally:
|
|
+ pth_file.cleanup()
|
|
+
|
|
# This tests _getuserbase, hence the double underline
|
|
# to distinguish from a test for getuserbase
|
|
def test__getuserbase(self):
|
|
diff --git a/Misc/NEWS.d/next/Security/2024-01-02-19-52-23.gh-issue-113659.DkmnQc.rst b/Misc/NEWS.d/next/Security/2024-01-02-19-52-23.gh-issue-113659.DkmnQc.rst
|
|
new file mode 100644
|
|
index 0000000000..744687e723
|
|
--- /dev/null
|
|
+++ b/Misc/NEWS.d/next/Security/2024-01-02-19-52-23.gh-issue-113659.DkmnQc.rst
|
|
@@ -0,0 +1 @@
|
|
+Skip ``.pth`` files with names starting with a dot or hidden file attribute.
|
|
--
|
|
2.34.1.windows.1
|
|
|