From 499fb95938a0c5aa606647d452d2761aead5e254 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Tue, 2 Jan 2024 19:53:06 +0200 Subject: [PATCH 1/7] gh-113659: Skip hidden .pth files --- Lib/site.py | 12 ++++++++- Lib/test/test_site.py | 25 +++++++++++++++++++ ...-01-02-19-52-23.gh-issue-113659.DkmnQc.rst | 1 + 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Security/2024-01-02-19-52-23.gh-issue-113659.DkmnQc.rst diff --git a/Lib/site.py b/Lib/site.py index 6f5738b02cb23b..efc1f046787ec2 100644 --- a/Lib/site.py +++ b/Lib/site.py @@ -74,6 +74,7 @@ import builtins import _sitebuiltins import io +import stat # Prefixes for site-packages; add additional prefixes like /usr/local here PREFIXES = [sys.prefix, sys.exec_prefix] @@ -168,6 +169,14 @@ def addpackage(sitedir, name, known_paths): else: reset = False fullname = os.path.join(sitedir, name) + try: + st = os.lstat(fullname) + except OSError: + return + if ((getattr(st, 'st_flags', 0) & stat.UF_HIDDEN) or + (getattr(st, 'st_file_attributes', 0) & stat.FILE_ATTRIBUTE_HIDDEN)): + _trace(f"Skipping hidden .pth file: {fullname!r}") + return _trace(f"Processing .pth file: {fullname!r}") try: # locale encoding is not ideal especially on Windows. But we have used @@ -221,7 +230,8 @@ def addsitedir(sitedir, known_paths=None): names = os.listdir(sitedir) except OSError: return - names = [name for name in names if name.endswith(".pth")] + names = [name for name in names + if name.endswith(".pth") and not name.startswith(".")] for name in sorted(names): addpackage(sitedir, name, known_paths) if reset: diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py index 33d0975bda8eaa..67a45edd71a0af 100644 --- a/Lib/test/test_site.py +++ b/Lib/test/test_site.py 
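Review bot: The hidden check added at `st = os.lstat(fullname)` reads the flags of the directory entry itself, so a visible symlink whose target carries UF_HIDDEN or FILE_ATTRIBUTE_HIDDEN is still processed; that is exactly the case patch 5 of this series covers and patch 7 reverts, and the final code records neither the decision nor the reason. Whichever way it is settled, write the intent next to the check, e.g. `# Skip .pth files flagged hidden by the OS (UF_HIDDEN on BSD/macOS, FILE_ATTRIBUTE_HIDDEN on Windows); lstat is deliberate: the link's own flags are checked, not its target's. See gh-113659.` Note also that the lstat and the `open()` a few lines later are separate calls on the same path, so the skip decision is taken on a snapshot rather than on the file object that is read; checking `os.fstat(f.fileno())` inside the `with f:` block (as patch 5 did) would bind the two. addpackage's body starts before and continues after this hunk.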
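Review bot: The dot-prefix rule is enforced only on the listing in `addsitedir`, while the hidden-attribute rule lives in `addpackage`; `addpackage` is a public function, so a caller invoking it directly with a dotted name gets the attribute check but not the name check. Enforcing both in `addpackage` keeps the policy in one place, e.g. `if name.startswith("."): return` ahead of the lstat, with the list filter kept as a cheap pre-filter. A one-line comment on the filter would also help a reader who does not know the issue, e.g. `# Dotfiles are treated as hidden regardless of OS file flags (gh-113659).` addsitedir's body starts before and continues after this hunk.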
@@ -194,6 +194,31 @@ def test_addsitedir(self): finally: pth_file.cleanup() + def test_addsitedir_dotfile(self): + pth_file = PthFile('.dotfile') + pth_file.cleanup(prep=True) + try: + pth_file.create() + site.addsitedir(pth_file.base_dir, set()) + self.assertNotIn(site.makepath(pth_file.good_dir_path)[0], sys.path) + self.assertIn(pth_file.base_dir, sys.path) + finally: + pth_file.cleanup() + + @unittest.skipUnless(hasattr(os, 'chflags'), 'test needs os.chflags()') + def test_addsitedir_hidden_pth_file(self): + pth_file = PthFile() + pth_file.cleanup(prep=True) + try: + pth_file.create() + st = os.stat(pth_file.file_path) + os.chflags(target_file, st.st_flags | stat.UF_IMMUTABLE) + site.addsitedir(pth_file.base_dir, set()) + self.assertNotIn(site.makepath(pth_file.good_dir_path)[0], sys.path) + self.assertIn(pth_file.base_dir, sys.path) + finally: + pth_file.cleanup() + # This tests _getuserbase, hence the double underline # to distinguish from a test for getuserbase def test__getuserbase(self): diff --git a/Misc/NEWS.d/next/Security/2024-01-02-19-52-23.gh-issue-113659.DkmnQc.rst b/Misc/NEWS.d/next/Security/2024-01-02-19-52-23.gh-issue-113659.DkmnQc.rst new file mode 100644 index 00000000000000..744687e72324d1 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2024-01-02-19-52-23.gh-issue-113659.DkmnQc.rst @@ -0,0 +1 @@ +Skip ``.pth`` files with names starting with a dot or hidden file attribute. From 7da1ed440c8c6259402d33095f63a86e22147952 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Tue, 2 Jan 2024 20:14:35 +0200 Subject: [PATCH 2/7] Fix typo. --- Lib/test/test_site.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py index 67a45edd71a0af..dba4f9b261d32a 100644 --- a/Lib/test/test_site.py +++ b/Lib/test/test_site.py 
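Review bot: `test_addsitedir_hidden_pth_file` never confirms that the flag it sets took effect, so if `os.chflags` is silently ignored on the test filesystem the following `assertNotIn` can still pass for the wrong reason; after the chflags call add a precondition such as `self.assertTrue(os.stat(pth_file.file_path).st_flags & stat.UF_HIDDEN)` (once the flag set is UF_HIDDEN). Both new tests would also read better with a one-line docstring tying them to the issue, e.g. `"""A .pth file whose name starts with a dot is not processed (gh-113659)."""`. The undefined `target_file` and the `UF_IMMUTABLE` flag on the chflags line are corrected by later patches in this series, so they are not raised again here. The enclosing test class continues outside the hunk.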
@@ -212,7 +212,7 @@ def test_addsitedir_hidden_pth_file(self): try: pth_file.create() st = os.stat(pth_file.file_path) - os.chflags(target_file, st.st_flags | stat.UF_IMMUTABLE) + os.chflags(pth_file.file_path, st.st_flags | stat.UF_IMMUTABLE) site.addsitedir(pth_file.base_dir, set()) self.assertNotIn(site.makepath(pth_file.good_dir_path)[0], sys.path) self.assertIn(pth_file.base_dir, sys.path) From 348130d19dd9ac340b9a34939e4d62247e2309e4 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Tue, 2 Jan 2024 21:47:37 +0200 Subject: [PATCH 3/7] Add missed import in tests. --- Lib/test/test_site.py | 1 + 1 file changed, 1 insertion(+) diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py index dba4f9b261d32a..9c122a1dd6cd7a 100644 --- a/Lib/test/test_site.py +++ b/Lib/test/test_site.py @@ -18,6 +18,7 @@ import os import re import shutil +import stat import subprocess import sys import sysconfig From dfbc6eff30a43ac23b024dcdefdbc7d76fc5b6b9 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Tue, 2 Jan 2024 22:32:06 +0200 Subject: [PATCH 4/7] Update Lib/test/test_site.py Co-authored-by: Ronald Oussoren --- Lib/test/test_site.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py index 9c122a1dd6cd7a..09b30f5dec5d4f 100644 --- a/Lib/test/test_site.py +++ b/Lib/test/test_site.py @@ -213,7 +213,7 @@ def test_addsitedir_hidden_pth_file(self): try: pth_file.create() st = os.stat(pth_file.file_path) - os.chflags(pth_file.file_path, st.st_flags | stat.UF_IMMUTABLE) + os.chflags(pth_file.file_path, st.st_flags | stat.UF_HIDDEN) site.addsitedir(pth_file.base_dir, set()) self.assertNotIn(site.makepath(pth_file.good_dir_path)[0], sys.path) self.assertIn(pth_file.base_dir, sys.path) From 59ee5f35683a8756d0618e4c39fddac9843c78aa Mon Sep 17 00:00:00 2001 
From: Serhiy Storchaka Date: Fri, 5 Jan 2024 20:48:38 +0200 Subject: [PATCH 5/7] Test also the hidden flag for symlink target. --- Lib/site.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/Lib/site.py b/Lib/site.py index efc1f046787ec2..a40d06ff3e293d 100644 --- a/Lib/site.py +++ b/Lib/site.py @@ -177,7 +177,6 @@ def addpackage(sitedir, name, known_paths): (getattr(st, 'st_file_attributes', 0) & stat.FILE_ATTRIBUTE_HIDDEN)): _trace(f"Skipping hidden .pth file: {fullname!r}") return - _trace(f"Processing .pth file: {fullname!r}") try: # locale encoding is not ideal especially on Windows. But we have used # it for a long time. setuptools uses the locale encoding too. @@ -185,6 +184,15 @@ def addpackage(sitedir, name, known_paths): except OSError: return with f: + if stat.S_ISLNK(st.st_mode) and hasattr(st, 'st_flags'): + try: + st = os.fstat(f.fileno()) + except OSError: + return + if st.st_flags & stat.UF_HIDDEN: + _trace(f"Skipping hidden .pth file: {fullname!r}") + return + _trace(f"Processing .pth file: {fullname!r}") for n, line in enumerate(f): if line.startswith("#"): continue From 0cb35196975e4395485b53e706c63a789a14973e Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Fri, 5 Jan 2024 21:47:43 +0200 Subject: [PATCH 6/7] Test hidden file attribute on Windows. --- Lib/test/test_site.py | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py index 09b30f5dec5d4f..f6989e34ecedde 100644 --- a/Lib/test/test_site.py +++ b/Lib/test/test_site.py @@ -207,7 +207,7 @@ def test_addsitedir_dotfile(self): pth_file.cleanup() @unittest.skipUnless(hasattr(os, 'chflags'), 'test needs os.chflags()') - def test_addsitedir_hidden_pth_file(self): + def test_addsitedir_hidden_flags(self): pth_file = PthFile() pth_file.cleanup(prep=True) try: 
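Review bot: The symlink-target check added inside `with f:` consults only `st_flags & stat.UF_HIDDEN`, so a Windows symlink to a file with FILE_ATTRIBUTE_HIDDEN is handled differently from a BSD/macOS one, and the new `os.fstat` result shadows the earlier lstat `st` only on that one platform. This hunk is reverted wholesale by patch 7, but if the symlink-target case is ever reinstated the fstat branch should mirror both attribute tests from the lstat check, e.g. `if (getattr(st, 'st_flags', 0) & stat.UF_HIDDEN) or (getattr(st, 'st_file_attributes', 0) & stat.FILE_ATTRIBUTE_HIDDEN):`. addpackage's signature and the rest of its body lie outside this hunk.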
@@ -220,6 +220,20 @@ def test_addsitedir_hidden_pth_file(self): finally: pth_file.cleanup() + @unittest.skipUnless(sys.platform == 'win32', 'test needs Windows') + @support.requires_subprocess() + def test_addsitedir_hidden_file_attribute(self): + pth_file = PthFile() + pth_file.cleanup(prep=True) + try: + pth_file.create() + subprocess.check_call(['attrib', '+H', pth_file.file_path]) + site.addsitedir(pth_file.base_dir, set()) + self.assertNotIn(site.makepath(pth_file.good_dir_path)[0], sys.path) + self.assertIn(pth_file.base_dir, sys.path) + finally: + pth_file.cleanup() + # This tests _getuserbase, hence the double underline # to distinguish from a test for getuserbase def test__getuserbase(self): From 1cef7cd8b00d336a4d1d742855dc8ce74f410c38 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Fri, 5 Jan 2024 21:50:48 +0200 Subject: [PATCH 7/7] Revert "Test also the hidden flag for symlink target." This reverts commit 59ee5f35683a8756d0618e4c39fddac9843c78aa. --- Lib/site.py | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/Lib/site.py b/Lib/site.py index a40d06ff3e293d..efc1f046787ec2 100644 --- a/Lib/site.py +++ b/Lib/site.py @@ -177,6 +177,7 @@ def addpackage(sitedir, name, known_paths): (getattr(st, 'st_file_attributes', 0) & stat.FILE_ATTRIBUTE_HIDDEN)): _trace(f"Skipping hidden .pth file: {fullname!r}") return + _trace(f"Processing .pth file: {fullname!r}") try: # locale encoding is not ideal especially on Windows. But we have used # it for a long time. setuptools uses the locale encoding too. @@ -184,15 +185,6 @@ def addpackage(sitedir, name, known_paths): except OSError: return with f: - if stat.S_ISLNK(st.st_mode) and hasattr(st, 'st_flags'): - try: - st = os.fstat(f.fileno()) - except OSError: - return - if st.st_flags & stat.UF_HIDDEN: - _trace(f"Skipping hidden .pth file: {fullname!r}") - return - _trace(f"Processing .pth file: {fullname!r}") for n, line in enumerate(f): if line.startswith("#"): continue
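Review bot: `test_addsitedir_hidden_file_attribute` relies on an external `attrib` process to set the attribute but never verifies the result before exercising `site.addsitedir`, so an `attrib` run that exits 0 without changing the file (or a filesystem that drops the attribute) would be indistinguishable from a site.py regression; add `self.assertTrue(os.stat(pth_file.file_path).st_file_attributes & stat.FILE_ATTRIBUTE_HIDDEN)` after the `check_call`. A short docstring naming the mechanism under test would help too, e.g. `"""A .pth file carrying the Windows hidden attribute is not processed (gh-113659)."""`. `attrib` is resolved through the test process's PATH, which is presumably acceptable in this suite but worth a word in the docstring. The enclosing test class continues outside the hunk.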