Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit9e86053

Browse files
committed
Replace the one use of mktemp in the git module
This makes two related changes to git.index.util.TemporaryFileSwap:- Replace mktemp with mkstemp and then immediately closing the file. This avoids two possible name clashes: the usual name clash where the file may be created by another process between when mktemp generates the name and when the file is created, and the problem that mktemp does not check for files that contain the generated name as a part. The latter is specific to the use here, where a string generated by mktemp was manually concatenated to the base filename. This addresses that by passing the filename as the prefix for mkstemp to use.- Replace os.remove with os.replace and simplify. This is made necessary on Windows by the file already existing, due to mkstemp creating it. Deleting the file and allowing it to be recreated would reproduce the mktemp race condition in full (obscured and with extra steps). But os.replace supports an existing target file on all platforms. It is now also used in __exit__, where it allows the Windows check for the file to be removed, and (in any OS) better expresses the intent of the code to human readers. Furthermore, because one of the "look before you leap" checks in __exit__ is removed, the minor race condition in cleaning up the file is somewhat decreased.A small amount of related refactoring is included. The interface isnot changed, even where it could be simplified (by letting __exit__return None), and resource acquisition remains done on constructionrather than in __enter__, because changing those aspects of thedesign could break some existing uses.Although the use of mktemp replaced here was in the git module andnot the test suite, its use was to generate filenames for use in adirectory that would ordinarily be under the user's control, suchthat the ability to carry out typical mktemp-related attacks wouldalready require the ability to achieve the same goals more easilyand reliably. Although TemporaryFileSwap is a public class that maybe used directly by applications, it is only useful for making atemporary file in the same directory as an existing file. Thus theintended benefits of this change are mainly to code quality anda slight improvement in robustness.
1 parent41fac85 commit9e86053

File tree

1 file changed

+6
-10
lines changed

1 file changed

+6
-10
lines changed

‎git/index/util.py

Lines changed: 6 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33

44
"""Index utilities."""
55

6+
importcontextlib
67
fromfunctoolsimportwraps
78
importos
89
importos.pathasosp
@@ -40,12 +41,10 @@ class TemporaryFileSwap:
4041

4142
def__init__(self,file_path:PathLike)->None:
4243
self.file_path=file_path
43-
self.tmp_file_path=str(self.file_path)+tempfile.mktemp("","","")
44-
# It may be that the source does not exist.
45-
try:
46-
os.rename(self.file_path,self.tmp_file_path)
47-
exceptOSError:
48-
pass
44+
fd,self.tmp_file_path=tempfile.mkstemp(prefix=self.file_path,dir="")
45+
os.close(fd)
46+
withcontextlib.suppress(OSError):# It may be that the source does not exist.
47+
os.replace(self.file_path,self.tmp_file_path)
4948

5049
def__enter__(self)->"TemporaryFileSwap":
5150
returnself
@@ -57,10 +56,7 @@ def __exit__(
5756
exc_tb:Optional[TracebackType],
5857
)->bool:
5958
ifosp.isfile(self.tmp_file_path):
60-
ifos.name=="nt"andosp.exists(self.file_path):
61-
os.remove(self.file_path)
62-
os.rename(self.tmp_file_path,self.file_path)
63-
59+
os.replace(self.tmp_file_path,self.file_path)
6460
returnFalse
6561

6662

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp