# HG changeset patch
# User Jeroen Demeyer <jdemeyer@cage.ugent.be>
# Date 1350402175 -7200
# Node ID 674909732ddff09890eaeb91e708de59d86766da
# Parent 061ee93f75f7736e214dacd4e32a9c5b9d4a5cbf
Only run doctests from safe directories (not writable by untrusted users)
diff --git a/sage-ptest b/sage-ptest
a
|
b
|
|
66 | 66 | # Exit status for the whole run. |
67 | 67 | err = 0 |
68 | 68 | |
| 69 | # Check that the current directory is sufficiently safe to run Python |
| 70 | # code from. We use the check added to Python for this, which gives a |
| 71 | # warning when the current directory is considered unsafe. We promote |
| 72 | # this warning to an error with -Werror. See sage/tests/cmdline.py |
| 73 | # for a doctest that this works, see also Sage Trac #13579. |
| 74 | import subprocess |
| 75 | with open(os.devnull, 'w') as dev_null: |
| 76 | if subprocess.call(['python', '-Werror', '-c', ''], stdout=dev_null, stderr=dev_null) != 0: |
| 77 | raise RuntimeError("refusing to run doctests from the current "\ |
| 78 | "directory '{}' since untrusted users could put files in "\ |
| 79 | "this directory, making it unsafe to run Sage code from"\ |
| 80 | .format(os.getcwd())) |
| 81 | |
69 | 82 | def strip_automount_prefix(filename): |
70 | 83 | """ |
71 | 84 | Strip prefixes added on automounted filesystems in some cases, |
diff --git a/sage-test b/sage-test
a
|
b
|
|
39 | 39 | if not os.path.isdir(SAGE_TESTDIR): |
40 | 40 | raise |
41 | 41 | |
| 42 | # Check that the current directory is sufficiently safe to run Python |
| 43 | # code from. We use the check added to Python for this, which gives a |
| 44 | # warning when the current directory is considered unsafe. We promote |
| 45 | # this warning to an error with -Werror. See sage/tests/cmdline.py |
| 46 | # for a doctest that this works, see also Sage Trac #13579. |
| 47 | import subprocess |
| 48 | with open(os.devnull, 'w') as dev_null: |
| 49 | if subprocess.call(['python', '-Werror', '-c', ''], stdout=dev_null, stderr=dev_null) != 0: |
| 50 | raise RuntimeError("refusing to run doctests from the current "\ |
| 51 | "directory '{}' since untrusted users could put files in "\ |
| 52 | "this directory, making it unsafe to run Sage code from"\ |
| 53 | .format(os.getcwd())) |
| 54 | |
42 | 55 | def sage_test_command(f): |
43 | 56 | g = abspath(f) |
44 | 57 | if SAGE_ROOT in g: |