diff options
author | Serhiy Storchaka <storchaka@gmail.com> | 2015-02-15 22:30:43 (GMT) |
---|---|---|
committer | Serhiy Storchaka <storchaka@gmail.com> | 2015-02-15 22:30:43 (GMT) |
commit | 74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81 (patch) | |
tree | 55874458c25a5c5cf90ce30a120ce50f9cc43f62 /Lib/test | |
parent | 57fffd6f99d55ccd623b381622b989410a695b99 (diff) | |
download | cpython-74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81.zip cpython-74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81.tar.gz cpython-74eb8b2d1a1db905cffc4efcd1cefaf1f725cd81.tar.bz2 |
Issue #22885: Fixed arbitrary code execution vulnerability in the dbm.dumb
module. Original patch by Claudiu Popa.
Diffstat (limited to 'Lib/test')
-rw-r--r-- | Lib/test/test_dbm_dumb.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/Lib/test/test_dbm_dumb.py b/Lib/test/test_dbm_dumb.py index 29f48a3..dc88ca6 100644 --- a/Lib/test/test_dbm_dumb.py +++ b/Lib/test/test_dbm_dumb.py @@ -217,6 +217,15 @@ class DumbDBMTestCase(unittest.TestCase): self.assertEqual(str(cm.exception), "DBM object has already been closed") + def test_eval(self): + with open(_fname + '.dir', 'w') as stream: + stream.write("str(print('Hacked!')), 0\n") + with support.captured_stdout() as stdout: + with self.assertRaises(ValueError): + with dumbdbm.open(_fname) as f: + pass + self.assertEqual(stdout.getvalue(), '') + def tearDown(self): _delete_files() |