diff options
| -rw-r--r-- | Lib/distutils/command/build_py.py | 6 | ||||
| -rw-r--r-- | Lib/idlelib/tree.py | 2 | ||||
| -rw-r--r-- | Lib/imghdr.py | 2 | ||||
| -rwxr-xr-x | Lib/pdb.py | 2 | ||||
| -rw-r--r-- | Lib/sndhdr.py | 2 | ||||
| -rw-r--r-- | Lib/test/_test_multiprocessing.py | 2 | ||||
| -rw-r--r-- | Lib/test/libregrtest/main.py | 2 | ||||
| -rw-r--r-- | Lib/test/support/__init__.py | 2 | ||||
| -rw-r--r-- | Lib/test/test_bz2.py | 2 | ||||
| -rw-r--r-- | Lib/test/test_crashers.py | 2 | ||||
| -rw-r--r-- | Lib/test/test_dbm.py | 2 | ||||
| -rw-r--r-- | Lib/test/test_import/__init__.py | 2 | ||||
| -rw-r--r-- | Lib/test/test_mailbox.py | 4 | ||||
| -rw-r--r-- | Lib/test/test_regrtest.py | 2 | ||||
| -rw-r--r-- | Lib/test/test_site.py | 2 | ||||
| -rw-r--r-- | Lib/test/test_tokenize.py | 2 | ||||
| -rw-r--r-- | Lib/test/test_unicode_file.py | 2 | ||||
| -rwxr-xr-x | Lib/webbrowser.py | 2 | ||||
| -rw-r--r-- | Misc/NEWS.d/next/Library/2020-06-20-00-19-30.bpo-41043.p-Pk-H.rst | 2 | ||||
| -rw-r--r-- | Tools/c-analyzer/c_analyzer/common/files.py | 6 | ||||
| -rw-r--r-- | Tools/c-analyzer/check-c-globals.py | 4 | ||||
| -rwxr-xr-x | Tools/peg_generator/scripts/test_parse_directory.py | 4 | ||||
| -rwxr-xr-x | Tools/ssl/make_ssl_data.py | 2 | ||||
| -rw-r--r-- | setup.py | 8 |
24 files changed, 37 insertions, 31 deletions
diff --git a/Lib/distutils/command/build_py.py b/Lib/distutils/command/build_py.py index cf0ca57..edc2171 100644 --- a/Lib/distutils/command/build_py.py +++ b/Lib/distutils/command/build_py.py @@ -5,7 +5,7 @@ Implements the Distutils 'build_py' command.""" import os import importlib.util import sys -from glob import glob +import glob from distutils.core import Command from distutils.errors import * @@ -125,7 +125,7 @@ class build_py (Command): files = [] for pattern in globs: # Each pattern has to be converted to a platform-specific path - filelist = glob(os.path.join(src_dir, convert_path(pattern))) + filelist = glob.glob(os.path.join(glob.escape(src_dir), convert_path(pattern))) # Files that match more than one pattern are only added once files.extend([fn for fn in filelist if fn not in files and os.path.isfile(fn)]) @@ -216,7 +216,7 @@ class build_py (Command): def find_package_modules(self, package, package_dir): self.check_package(package, package_dir) - module_files = glob(os.path.join(package_dir, "*.py")) + module_files = glob.glob(os.path.join(glob.escape(package_dir), "*.py")) modules = [] setup_script = os.path.abspath(self.distribution.script_name) diff --git a/Lib/idlelib/tree.py b/Lib/idlelib/tree.py index 6229be4..5947268 100644 --- a/Lib/idlelib/tree.py +++ b/Lib/idlelib/tree.py @@ -38,7 +38,7 @@ def listicons(icondir=ICONDIR): """Utility to display the available icons.""" root = Tk() import glob - list = glob.glob(os.path.join(icondir, "*.gif")) + list = glob.glob(os.path.join(glob.escape(icondir), "*.gif")) list.sort() images = [] row = column = 0 diff --git a/Lib/imghdr.py b/Lib/imghdr.py index 76e8abb..6e01fd8 100644 --- a/Lib/imghdr.py +++ b/Lib/imghdr.py @@ -152,7 +152,7 @@ def testall(list, recursive, toplevel): if recursive or toplevel: print('recursing down:') import glob - names = glob.glob(os.path.join(filename, '*')) + names = glob.glob(os.path.join(glob.escape(filename), '*')) testall(names, recursive, 0) else: print('*** directory (use -r) ***') @@ -473,7 +473,7 @@ class Pdb(bdb.Bdb, cmd.Cmd): except Exception: ret = [] # Then, try to complete file names as well. - globs = glob.glob(text + '*') + globs = glob.glob(glob.escape(text) + '*') for fn in globs: if os.path.isdir(fn): ret.append(fn + '/') diff --git a/Lib/sndhdr.py b/Lib/sndhdr.py index 5943531..96595c6 100644 --- a/Lib/sndhdr.py +++ b/Lib/sndhdr.py @@ -241,7 +241,7 @@ def testall(list, recursive, toplevel): if recursive or toplevel: print('recursing down:') import glob - names = glob.glob(os.path.join(filename, '*')) + names = glob.glob(os.path.join(glob.escape(filename), '*')) testall(names, recursive, 0) else: print('*** directory (use -r) ***') diff --git a/Lib/test/_test_multiprocessing.py b/Lib/test/_test_multiprocessing.py index 444e234..5f65d96 100644 --- a/Lib/test/_test_multiprocessing.py +++ b/Lib/test/_test_multiprocessing.py @@ -4260,7 +4260,7 @@ class _TestImportStar(unittest.TestCase): def get_module_names(self): import glob folder = os.path.dirname(multiprocessing.__file__) - pattern = os.path.join(folder, '*.py') + pattern = os.path.join(glob.escape(folder), '*.py') files = glob.glob(pattern) modules = [os.path.splitext(os.path.split(f)[1])[0] for f in files] modules = ['multiprocessing.' + m for m in modules] diff --git a/Lib/test/libregrtest/main.py b/Lib/test/libregrtest/main.py index 95b4856..adf31cc 100644 --- a/Lib/test/libregrtest/main.py +++ b/Lib/test/libregrtest/main.py @@ -602,7 +602,7 @@ class Regrtest: def cleanup(self): import glob - path = os.path.join(self.tmp_dir, 'test_python_*') + path = os.path.join(glob.escape(self.tmp_dir), 'test_python_*') print("Cleanup %s directory" % self.tmp_dir) for name in glob.glob(path): if os.path.isdir(name): diff --git a/Lib/test/support/__init__.py b/Lib/test/support/__init__.py index bceb8cd..5707d8e 100644 --- a/Lib/test/support/__init__.py +++ b/Lib/test/support/__init__.py @@ -1345,7 +1345,7 @@ class PythonSymlink: dll, os.path.join(dest_dir, os.path.basename(dll)) )) - for runtime in glob.glob(os.path.join(src_dir, "vcruntime*.dll")): + for runtime in glob.glob(os.path.join(glob.escape(src_dir), "vcruntime*.dll")): self._also_link.append(( runtime, os.path.join(dest_dir, os.path.basename(runtime)) diff --git a/Lib/test/test_bz2.py b/Lib/test/test_bz2.py index 91ccff2..8f0773d 100644 --- a/Lib/test/test_bz2.py +++ b/Lib/test/test_bz2.py @@ -70,7 +70,7 @@ class BaseTest(unittest.TestCase): # simply use the bigger test data for all tests. test_size = 0 BIG_TEXT = bytearray(128*1024) - for fname in glob.glob(os.path.join(os.path.dirname(__file__), '*.py')): + for fname in glob.glob(os.path.join(glob.escape(os.path.dirname(__file__)), '*.py')): with open(fname, 'rb') as fh: test_size += fh.readinto(memoryview(BIG_TEXT)[test_size:]) if test_size > 128*1024: diff --git a/Lib/test/test_crashers.py b/Lib/test/test_crashers.py index 58dfd00..31b7120 100644 --- a/Lib/test/test_crashers.py +++ b/Lib/test/test_crashers.py @@ -11,7 +11,7 @@ import test.support from test.support.script_helper import assert_python_failure CRASHER_DIR = os.path.join(os.path.dirname(__file__), "crashers") -CRASHER_FILES = os.path.join(CRASHER_DIR, "*.py") +CRASHER_FILES = os.path.join(glob.escape(CRASHER_DIR), "*.py") infinite_loops = ["infinite_loop_re.py", "nasty_eq_vs_dict.py"] diff --git a/Lib/test/test_dbm.py b/Lib/test/test_dbm.py index 1db3bef..571da97 100644 --- a/Lib/test/test_dbm.py +++ b/Lib/test/test_dbm.py @@ -33,7 +33,7 @@ def dbm_iterator(): def delete_files(): # we don't know the precise name the underlying database uses # so we use glob to locate all names - for f in glob.glob(_fname + "*"): + for f in glob.glob(glob.escape(_fname) + "*"): test.support.unlink(f) diff --git a/Lib/test/test_import/__init__.py b/Lib/test/test_import/__init__.py index 060d145..a04cf65 100644 --- a/Lib/test/test_import/__init__.py +++ b/Lib/test/test_import/__init__.py @@ -486,7 +486,7 @@ class ImportTests(unittest.TestCase): pyexe = os.path.join(tmp, os.path.basename(sys.executable)) shutil.copy(sys.executable, pyexe) shutil.copy(dllname, tmp) - for f in glob.glob(os.path.join(sys.prefix, "vcruntime*.dll")): + for f in glob.glob(os.path.join(glob.escape(sys.prefix), "vcruntime*.dll")): shutil.copy(f, tmp) shutil.copy(pydname, tmp2) diff --git a/Lib/test/test_mailbox.py b/Lib/test/test_mailbox.py index fdda1d1..6f891d4 100644 --- a/Lib/test/test_mailbox.py +++ b/Lib/test/test_mailbox.py @@ -979,7 +979,7 @@ class _TestMboxMMDF(_TestSingleFile): super().tearDown() self._box.close() self._delete_recursively(self._path) - for lock_remnant in glob.glob(self._path + '.*'): + for lock_remnant in glob.glob(glob.escape(self._path) + '.*'): support.unlink(lock_remnant) def assertMailboxEmpty(self): @@ -1311,7 +1311,7 @@ class TestBabyl(_TestSingleFile, unittest.TestCase): super().tearDown() self._box.close() self._delete_recursively(self._path) - for lock_remnant in glob.glob(self._path + '.*'): + for lock_remnant in glob.glob(glob.escape(self._path) + '.*'): support.unlink(lock_remnant) def test_labels(self): diff --git a/Lib/test/test_regrtest.py b/Lib/test/test_regrtest.py index de209da..6745be6 100644 --- a/Lib/test/test_regrtest.py +++ b/Lib/test/test_regrtest.py @@ -556,7 +556,7 @@ class CheckActualTests(BaseTestCase): args = ['-Wd', '-E', '-bb', '-m', 'test.regrtest', '--list-tests'] output = self.run_python(args) rough_number_of_tests_found = len(output.splitlines()) - actual_testsuite_glob = os.path.join(os.path.dirname(__file__), + actual_testsuite_glob = os.path.join(glob.escape(os.path.dirname(__file__)), 'test*.py') rough_counted_test_py_files = len(glob.glob(actual_testsuite_glob)) # We're not trying to duplicate test finding logic in here, diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py index 9f4a8bc..9751c64 100644 --- a/Lib/test/test_site.py +++ b/Lib/test/test_site.py @@ -543,7 +543,7 @@ class StartupImportTests(unittest.TestCase): # found in sys.path (see site.addpackage()). Skip the test if at least # one .pth file is found. for path in isolated_paths: - pth_files = glob.glob(os.path.join(path, "*.pth")) + pth_files = glob.glob(os.path.join(glob.escape(path), "*.pth")) if pth_files: self.skipTest(f"found {len(pth_files)} .pth files in: {path}") diff --git a/Lib/test/test_tokenize.py b/Lib/test/test_tokenize.py index 4c90092..6de7aa8 100644 --- a/Lib/test/test_tokenize.py +++ b/Lib/test/test_tokenize.py @@ -1605,7 +1605,7 @@ class TestRoundtrip(TestCase): import glob, random fn = support.findfile("tokenize_tests.txt") tempdir = os.path.dirname(fn) or os.curdir - testfiles = glob.glob(os.path.join(tempdir, "test*.py")) + testfiles = glob.glob(os.path.join(glob.escape(tempdir), "test*.py")) # Tokenize is broken on test_pep3131.py because regular expressions are # broken on the obscure unicode identifiers in it. *sigh* diff --git a/Lib/test/test_unicode_file.py b/Lib/test/test_unicode_file.py index ed1f6ce..46a0d06 100644 --- a/Lib/test/test_unicode_file.py +++ b/Lib/test/test_unicode_file.py @@ -41,7 +41,7 @@ class TestUnicodeFiles(unittest.TestCase): self._do_copyish(filename, filename) # Filename should appear in glob output self.assertTrue( - os.path.abspath(filename)==os.path.abspath(glob.glob(filename)[0])) + os.path.abspath(filename)==os.path.abspath(glob.glob(glob.escape(filename))[0])) # basename should appear in listdir. path, base = os.path.split(os.path.abspath(filename)) file_list = os.listdir(path) diff --git a/Lib/webbrowser.py b/Lib/webbrowser.py index 3dcf66b..31e1df4 100755 --- a/Lib/webbrowser.py +++ b/Lib/webbrowser.py @@ -413,7 +413,7 @@ class Grail(BaseBrowser): tempdir = os.path.join(tempfile.gettempdir(), ".grail-unix") user = pwd.getpwuid(os.getuid())[0] - filename = os.path.join(tempdir, user + "-*") + filename = os.path.join(glob.escape(tempdir), glob.escape(user) + "-*") maybes = glob.glob(filename) if not maybes: return None diff --git a/Misc/NEWS.d/next/Library/2020-06-20-00-19-30.bpo-41043.p-Pk-H.rst b/Misc/NEWS.d/next/Library/2020-06-20-00-19-30.bpo-41043.p-Pk-H.rst new file mode 100644 index 0000000..9c6020e --- /dev/null +++ b/Misc/NEWS.d/next/Library/2020-06-20-00-19-30.bpo-41043.p-Pk-H.rst @@ -0,0 +1,2 @@ +Fixed the use of :func:`~glob.glob` in the stdlib: literal part of the path +is now always correctly escaped. diff --git a/Tools/c-analyzer/c_analyzer/common/files.py b/Tools/c-analyzer/c_analyzer/common/files.py index ab551a8..f630afe 100644 --- a/Tools/c-analyzer/c_analyzer/common/files.py +++ b/Tools/c-analyzer/c_analyzer/common/files.py @@ -41,6 +41,8 @@ def walk_tree(root, *, def glob_tree(root, *, suffix=None, _glob=glob.iglob, + _escape=glob.escape, + _join=os.path.join, ): """Yield each file in the tree under the given directory name. @@ -51,9 +53,9 @@ def glob_tree(root, *, if not isinstance(suffix, str): raise ValueError('suffix must be a string') - for filename in _glob(f'{root}/*{suffix}'): + for filename in _glob(_join(_escape(root), f'*{suffix}')): yield filename - for filename in _glob(f'{root}/**/*{suffix}'): + for filename in _glob(_join(_escape(root), f'**/*{suffix}')): yield filename diff --git a/Tools/c-analyzer/check-c-globals.py b/Tools/c-analyzer/check-c-globals.py index e68ed92..1371f92 100644 --- a/Tools/c-analyzer/check-c-globals.py +++ b/Tools/c-analyzer/check-c-globals.py @@ -37,7 +37,9 @@ IGNORED_VARS = { def find_capi_vars(root): capi_vars = {} for dirname in SOURCE_DIRS: - for filename in glob.glob(os.path.join(ROOT_DIR, dirname, '**/*.[hc]'), + for filename in glob.glob(os.path.join( + glob.escape(os.path.join(ROOT_DIR, dirname)), + '**/*.[hc]'), recursive=True): with open(filename) as file: for name in _find_capi_vars(file): diff --git a/Tools/peg_generator/scripts/test_parse_directory.py b/Tools/peg_generator/scripts/test_parse_directory.py index d8f4f0e..a5e26f0 100755 --- a/Tools/peg_generator/scripts/test_parse_directory.py +++ b/Tools/peg_generator/scripts/test_parse_directory.py @@ -7,7 +7,7 @@ import sys import time import traceback import tokenize -from glob import glob +from glob import glob, escape from pathlib import PurePath from typing import List, Optional, Any, Tuple @@ -109,7 +109,7 @@ def parse_directory(directory: str, verbose: bool, excluded_files: List[str], sh files = [] total_seconds = 0 - for file in sorted(glob(f"{directory}/**/*.py", recursive=True)): + for file in sorted(glob(os.path.join(escape(directory), f"**/*.py"), recursive=True)): # Only attempt to parse Python files and files that are not excluded if any(PurePath(file).match(pattern) for pattern in excluded_files): continue diff --git a/Tools/ssl/make_ssl_data.py b/Tools/ssl/make_ssl_data.py index a29c04a..1dc234f 100755 --- a/Tools/ssl/make_ssl_data.py +++ b/Tools/ssl/make_ssl_data.py @@ -39,7 +39,7 @@ if __name__ == "__main__": f = sys.stdout if use_stdout else open(outfile, "w") # mnemonic -> (library code, error prefix, header file) error_libraries = {} - for error_header in glob.glob(os.path.join(openssl_inc, 'include/openssl/*err.h')): + for error_header in glob.glob(os.path.join(glob.escape(openssl_inc), 'include/openssl/*err.h')): base = os.path.basename(error_header) if base in ('buffererr.h', 'objectserr.h', 'storeerr.h'): # Deprecated in 3.0. @@ -8,7 +8,7 @@ import os import re import sys import sysconfig -from glob import glob +from glob import glob, escape try: @@ -401,7 +401,7 @@ class PyBuildExt(build_ext): # Python header files headers = [sysconfig.get_config_h_filename()] - headers += glob(os.path.join(sysconfig.get_path('include'), "*.h")) + headers += glob(os.path.join(escape(sysconfig.get_path('include')), "*.h")) for ext in self.extensions: ext.sources = [ find_module_file(filename, moddirlist) @@ -2431,7 +2431,7 @@ class PyBuildExt(build_ext): if "blake2" in configured: blake2_deps = glob( - os.path.join(self.srcdir, 'Modules/_blake2/impl/*') + os.path.join(escape(self.srcdir), 'Modules/_blake2/impl/*') ) blake2_deps.append('hashlib.h') self.add(Extension( @@ -2446,7 +2446,7 @@ class PyBuildExt(build_ext): if "sha3" in configured: sha3_deps = glob( - os.path.join(self.srcdir, 'Modules/_sha3/kcp/*') + os.path.join(escape(self.srcdir), 'Modules/_sha3/kcp/*') ) sha3_deps.append('hashlib.h') self.add(Extension( |