Here we test CVE-2022-21699. We create a temporary directory and cd into it, create a profile startup file that should not be executed, then start IPython in a subprocess and check its output for the marker value.
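def test_cve_2022_21699():
    """
    Regression test for CVE-2022-21699.

    IPython must not execute startup scripts from a ``profile_default``
    directory that merely happens to be in the current working directory:
    such a directory may have been planted by someone else (a shared
    checkout, an unpacked archive), and running its contents on launch
    would be arbitrary code execution.

    The test creates a temporary directory, cd's into it and plants
    ``profile_default/startup/foo.py`` there, printing a random marker.
    Two IPython subprocesses are then started from that directory:

    1. A *control* run with ``--profile-dir`` pointing explicitly at the
       planted directory. It proves the startup file really is executed
       when that profile is selected, so the second check cannot pass
       vacuously because the payload was never live.
    2. The actual check, started with no profile argument: the marker
       must not appear in its output.

    The marker is randomised per run so that a stale artefact or an
    unrelated occurrence of the string cannot satisfy the control.
    """
    dangerous_profile_dir = Path("profile_default")
    dangerous_startup_dir = dangerous_profile_dir / "startup"
    dangerous_expected = "CVE-2022-21699-" + "".join(
        random.choices(string.ascii_letters, k=10)
    )

    # Upper bound so a hung child (e.g. one stuck waiting on a prompt) fails
    # this test instead of stalling the whole suite; subprocess.run() kills
    # the child when the timeout fires.
    timeout_s = 120

    with TemporaryWorkingDirectory():
        dangerous_startup_dir.mkdir(parents=True)
        (dangerous_startup_dir / "foo.py").write_text(
            f'print("{dangerous_expected}")', encoding="utf-8"
        )
        cmd = [sys.executable, "-m", "IPython"]
        env = os.environ.copy()
        # Ask IPython for its simple prompt so the child can be driven over
        # pipes rather than needing a real terminal.
        env["IPY_TEST_SIMPLE_PROMPT"] = "1"

        def run_ipython(*extra_args):
            """Start IPython with *extra_args*, send ``exit`` and return (stdout, stderr) as bytes."""
            proc = subprocess.run(
                [*cmd, *extra_args],
                env=env,
                input=b"exit\r",
                stdout=subprocess.PIPE,
                stderr=subprocess.PIPE,
                timeout=timeout_s,
            )
            return proc.stdout, proc.stderr

        # Control: selecting the planted profile explicitly must execute the
        # startup file; otherwise the check below would prove nothing.
        out_dangerous, _ = run_ipython(f"--profile-dir={dangerous_profile_dir}")
        assert dangerous_expected.encode() in out_dangerous, (
            "planted startup file was not executed even with the profile "
            "selected explicitly; the negative check below would be meaningless"
        )

        # The real check: started from the directory holding the planted
        # profile, but without selecting it, IPython must not run the file.
        out, err = run_ipython()
        assert b"IPython" in out, "IPython did not start or produced no output"
        assert dangerous_expected.encode() not in out, (
            "startup file from the current working directory was executed"
        )
        assert err == b"", err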