gh-124651: Quote template strings in `venv` activation scripts #124712


Merged
vsajip merged 1 commit into python:main from y5c4l3:venv-quote
Oct 21, 2024

@y5c4l3 (Contributor) commented Sep 27, 2024 (edited by bedevere-app bot)

This patch properly quotes template strings in `venv` activation scripts. This mitigates potential command injection.
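
As an added illustration of the quoting the description refers to (not part of the original post and not the code from this PR): the sketch below renders one constructed POSIX activation-script line with the `__VENV_DIR__` placeholder, first wrapped in plain double quotes and then with `shlex.quote`, and runs both through `sh` to compare what the shell assigns. The template line, the sample path and the function names are assumptions made for the example.

```python
import shlex
import subprocess

# Constructed one-variable template in the style of a POSIX activation
# script; it is not copied from CPython's own activation scripts.
TEMPLATE = 'VIRTUAL_ENV=__VENV_DIR__\nprintf "%s" "$VIRTUAL_ENV"\n'

# Constructed directory name containing characters the shell treats
# specially: a space, a single quote and a command substitution.
SAMPLE_DIR = "/tmp/it's env$(echo EXPANDED)"


def render_double_quoted(template: str, venv_dir: str) -> str:
    """Weak form: wrap the raw value in double quotes and substitute it."""
    return template.replace("__VENV_DIR__", '"' + venv_dir + '"')


def render_quoted(template: str, venv_dir: str) -> str:
    """Hardened form for POSIX sh: shlex.quote yields one literal word."""
    return template.replace("__VENV_DIR__", shlex.quote(venv_dir))


def value_seen_by_sh(script: str) -> str:
    """Run the rendered script under sh and return the assigned value."""
    done = subprocess.run(["sh", "-c", script], capture_output=True,
                          text=True, check=True)
    return done.stdout


if __name__ == "__main__":
    for render in (render_double_quoted, render_quoted):
        seen = value_seen_by_sh(render(TEMPLATE, SAMPLE_DIR))
        status = "literal" if seen == SAMPLE_DIR else "ALTERED by the shell"
        print(f"{render.__name__:22} -> {seen!r} ({status})")
```

`shlex.quote` covers POSIX shells only; `csh`/`tcsh` and other shells have their own quoting rules and need separate handling.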

@bedevere-bot

🤖 New build scheduled with the buildbot fleet by @vsajip for commit 3034419 🤖

If you want to schedule another build, you need to add the 🔨 test-with-buildbots label again.

bedevere-bot removed the 🔨 test-with-buildbots (Test PR w/ buildbots; report in status section) label Sep 30, 2024
This patch properly quotes template strings in `venv` activation scripts. This mitigates potential command injection.

Signed-off-by: y5c4l3 <y5c4l3@proton.me>
@y5c4l3 (Contributor, Author) commented Oct 1, 2024 (edited)

buildbot/AMD64 FreeBSD failed because `bash` was not found. I will add a test for `tcsh` / `csh` and skip the original test if `bash` is not present.

```
======================================================================
ERROR: test_special_chars (test.test_venv.BasicTest.test_special_chars)
Test that the template strings are quoted properly
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/buildbot/buildarea/pull_request.ware-freebsd/build/Lib/test/test_venv.py", line 515, in test_special_chars
    out, err = check_output([bash, test_script])
               ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^
  File "/buildbot/buildarea/pull_request.ware-freebsd/build/Lib/test/test_venv.py", line 50, in check_output
    p = subprocess.Popen(cmd,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        env={**os.environ, "PYTHONHOME": ""})
  File "/buildbot/buildarea/pull_request.ware-freebsd/build/Lib/subprocess.py", line 1035, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
    ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                        pass_fds, cwd, env,
                        ^^^^^^^^^^^^^^^^^^^
    ...<5 lines>...
                        gid, gids, uid, umask,
                        ^^^^^^^^^^^^^^^^^^^^^^
                        start_new_session, process_group)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/buildbot/buildarea/pull_request.ware-freebsd/build/Lib/subprocess.py", line 1885, in _execute_child
    executable = os.fsencode(executable)
  File "/buildbot/buildarea/pull_request.ware-freebsd/build/Lib/os.py", line 852, in fsencode
    filename = fspath(filename)  # Does type-checking of `filename`.
TypeError: expected str, bytes or os.PathLike object, not NoneType

----------------------------------------------------------------------
Ran 36 tests in 7.578s
```

vsajip added the 🔨 test-with-buildbots (Test PR w/ buildbots; report in status section) label Oct 9, 2024

@bedevere-bot

🤖 New build scheduled with the buildbot fleet by @vsajip for commit b6a3bbd 🤖

If you want to schedule another build, you need to add the 🔨 test-with-buildbots label again.

bedevere-bot removed the 🔨 test-with-buildbots (Test PR w/ buildbots; report in status section) label Oct 9, 2024
@y5c4l3 (Contributor, Author)

@vsajip Some tests were still failing but none of them is related to this PR I guess.

@y5c4l3 (Contributor, Author)

@vsajip A summary of the failing tests is posted here. Since they all appeared repeatedly before or after this build, I think this PR is good to go... no?

AMD64 Arch Linux TraceRefs PR/1443

```
FAIL: test_audit_subinterpreter (test.test_embed.AuditingTests.test_audit_subinterpreter)
```

iOS ARM64 Simulator PR/136

```
FAIL: test_alt_digits_nl_langinfo (test.test__locale._LocaleTests.test_alt_digits_nl_langinfo) (locale='ja_JP')
```

x86 Debian Installed with X PR/27
x86 Debian Non-Debug with X PR/27

```
make: *** [Makefile:1534: Modules/_hacl/Hacl_Hash_Blake2s_Simd128.o] Error 1
make: *** Waiting for unfinished jobs....
```

vsajip merged commit d48cc82 into python:main Oct 21, 2024
106 of 110 checks passed
vsajip added the needs backport to 3.12 (only security fixes) and needs backport to 3.13 (bugs and security fixes) labels Oct 21, 2024
@miss-islington-app

Thanks @y5c4l3 for the PR, and @vsajip for merging it 🌮🎉.. I'm working now to backport this PR to: 3.12.
🐍🍒⛏🤖

@miss-islington-app

Thanks @y5c4l3 for the PR, and @vsajip for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13.
🐍🍒⛏🤖

@miss-islington-app

Sorry, @y5c4l3 and @vsajip, I could not cleanly backport this to 3.12 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker d48cc82ed25e26b02eb97c6263d95dcaa1e9111b 3.12

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Oct 21, 2024
…ythonGH-124712)
This patch properly quotes template strings in `venv` activation scripts. This mitigates potential command injection.
(cherry picked from commit d48cc82)
Co-authored-by: Y5 <124019959+y5c4l3@users.noreply.github.com>

@bedevere-app

GH-125813 is a backport of this pull request to the 3.13 branch.

bedevere-app bot removed the needs backport to 3.13 (bugs and security fixes) label Oct 21, 2024
vsajip pushed a commit that referenced this pull request Oct 22, 2024
ajayk pushed a commit to ajayk/cpython that referenced this pull request Oct 24, 2024
…ythonGH-124712)
This patch properly quotes template strings in `venv` activation scripts. This mitigates potential command injection.
(cherry picked from commit d48cc82)
vstinner pushed a commit to vstinner/cpython that referenced this pull request Oct 30, 2024
…ythonGH-124712)
This patch properly quotes template strings in `venv` activation scripts. This mitigates potential command injection.
(cherry picked from commit d48cc82)

@bedevere-app

GH-126185 is a backport of this pull request to the 3.12 branch.

bedevere-app bot removed the needs backport to 3.12 (only security fixes) label Oct 30, 2024
vsajip pushed a commit that referenced this pull request Oct 31, 2024

Redent0r added a commit to Redent0r/CBL-Mariner that referenced this pull request Nov 6, 2024
Taken from python/cpython#126185 which is a 3.12 backport of python/cpython#124712
Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
@mcepl (Contributor)

My backport of fix for Python 3.6 is at openSUSE-Python@4f2496b.

ebonnal pushed a commit to ebonnal/cpython that referenced this pull request Jan 12, 2025
…ythonGH-124712)
This patch properly quotes template strings in `venv` activation scripts. This mitigates potential command injection.
rickprice pushed a commit to ActiveState/cpython that referenced this pull request Mar 6, 2025
rickprice pushed a commit to ActiveState/cpython that referenced this pull request Mar 7, 2025
gentoo-bot pushed a commit to gentoo/cpython that referenced this pull request Apr 9, 2025
Reviewers: vsajip approved these changes

Assignees: vsajip


4 participants: @y5c4l3 @bedevere-bot @mcepl @vsajip
