github.com/ipython/ipython

Function test_cve_2022_21699

tests/test_cve.py:14–66

This test exercises CVE-2022-21699. It creates a temporary directory, changes into it, writes a profile startup file that must not be executed, and starts IPython in a subprocess, checking the output for the marker value the file would print if it were run.


# Imports needed by the test below.
import os
import random
import string
import subprocess
import sys
from pathlib import Path

from IPython.utils.tempdir import TemporaryWorkingDirectory


def test_cve_2022_21699():
    """
    Here we test CVE-2022-21699.

    We create a temporary directory, cd into it.
    Make a profile file that should not be executed and start IPython in a subprocess,
    checking for the value.
    """

    dangerous_profile_dir = Path("profile_default")

    dangerous_startup_dir = dangerous_profile_dir / "startup"
    # Random marker, so a stale file from an earlier run cannot produce a false result.
    dangerous_expected = "CVE-2022-21699-" + "".join(
        [random.choice(string.ascii_letters) for i in range(10)]
    )

    with TemporaryWorkingDirectory() as t:
        dangerous_startup_dir.mkdir(parents=True)
        (dangerous_startup_dir / "foo.py").write_text(
            f'print("{dangerous_expected}")', encoding="utf-8"
        )
        # 1 sec to make sure FS is flushed.
        # time.sleep(1)
        cmd = [sys.executable, "-m", "IPython"]
        env = os.environ.copy()
        env["IPY_TEST_SIMPLE_PROMPT"] = "1"

        # First we fake old behavior, making sure the profile is/was actually dangerous
        p_dangerous = subprocess.Popen(
            cmd + [f"--profile-dir={dangerous_profile_dir}"],
            env=env,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )
        out_dangerous, err_dangerous = p_dangerous.communicate(b"exit\r")
        assert dangerous_expected in out_dangerous.decode()

        # Now that we know it _would_ have been dangerous, we test it's not loaded
        p = subprocess.Popen(
            cmd,
            env=env,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )
        out, err = p.communicate(b"exit\r")
        assert b"IPython" in out
        assert dangerous_expected not in out.decode()
        assert err == b""
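As an added example (not part of IPython's test suite), a defender-side scan for the pattern the test plants: a `profile_*/startup/` directory holding `.py` or `.ipy` files somewhere under a directory tree you are about to work in, such as a freshly cloned repository. The function name and the sample tree are constructed here; the tree is built in a temporary directory.

```python
import os
import tempfile
from pathlib import Path

# File types IPython executes from a profile's startup/ directory.
STARTUP_SUFFIXES = {".py", ".ipy"}


def find_planted_profiles(root):
    """Return paths (relative to root, POSIX form, sorted) of startup scripts
    that sit inside a profile_*/startup/ directory anywhere under root.

    Before the CVE-2022-21699 fix, IPython could pick such a directory up from
    the current working directory, so a profile inside an untrusted checkout
    is exactly the layout the test above plants.
    """
    root = Path(root)
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        d = Path(dirpath)
        # Only flag startup/ directories whose parent is a profile_* directory.
        if d.name != "startup" or not d.parent.name.startswith("profile_"):
            continue
        for name in filenames:
            if Path(name).suffix in STARTUP_SUFFIXES:
                hits.append((d / name).relative_to(root).as_posix())
    return sorted(hits)


def build_sample_tree():
    """Constructed sample: a temp dir mimicking a cloned repo with one planted
    profile and one harmless look-alike. Returns the temp dir path."""
    base = Path(tempfile.mkdtemp(prefix="cve_2022_21699_"))
    planted = base / "some_repo" / "profile_default" / "startup"
    planted.mkdir(parents=True)
    (planted / "00-first.py").write_text('print("planted")\n', encoding="utf-8")
    (planted / "README.txt").write_text("not a script\n", encoding="utf-8")
    # A startup/ directory not under a profile_* directory must not be flagged.
    benign = base / "some_repo" / "app" / "startup"
    benign.mkdir(parents=True)
    (benign / "init.py").write_text("pass\n", encoding="utf-8")
    return base


if __name__ == "__main__":
    for hit in find_planted_profiles(build_sample_tree()):
        print("suspicious IPython startup script:", hit)
```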
