Ticket #13579: 13579_scripts.patch

sage-ptest

@@ -66 +66 @@
 # Exit status for the whole run.
 err = 0
 
+# Check that the current directory is sufficiently safe to run Python
+# code from.  We use the check added to Python for this, which gives a
+# warning when the current directory is considered unsafe.  We promote
+# this warning to an error with -Werror.  See sage/tests/cmdline.py
+# for a doctest that this works, see also Sage Trac #13579.
+import subprocess
+with open(os.devnull, 'w') as dev_null:
+    if subprocess.call(['python', '-Werror', '-c', ''], stdout=dev_null, stderr=dev_null) != 0:
+        raise RuntimeError("refusing to run doctests from the current "\
+            "directory '{}' since untrusted users could put files in "\
+            "this directory, making it unsafe to run Sage code from"\
+            .format(os.getcwd()))
+
 def strip_automount_prefix(filename):
     """
     Strip prefixes added on automounted filesystems in some cases,

sage-test

@@ -39 +39 @@
     if not os.path.isdir(SAGE_TESTDIR):
         raise
 
+# Check that the current directory is sufficiently safe to run Python
+# code from.  We use the check added to Python for this, which gives a
+# warning when the current directory is considered unsafe.  We promote
+# this warning to an error with -Werror.  See sage/tests/cmdline.py
+# for a doctest that this works, see also Sage Trac #13579.
+import subprocess
+with open(os.devnull, 'w') as dev_null:
+    if subprocess.call(['python', '-Werror', '-c', ''], stdout=dev_null, stderr=dev_null) != 0:
+        raise RuntimeError("refusing to run doctests from the current "\
+            "directory '{}' since untrusted users could put files in "\
+            "this directory, making it unsafe to run Sage code from"\
+            .format(os.getcwd()))
+
 def sage_test_command(f):
     g = abspath(f)
     if SAGE_ROOT in g: