from __future__ import annotations
import shutil
from pathlib import Path
from typing import Callable
import pytest
from PIL import GifImagePlugin, Image, JpegImagePlugin
from .helper import cjpeg_available, djpeg_available, is_win32, netpbm_available
# Reference images that the tests copy or convert before handing them to an
# external tool.
TEST_JPG = "Tests/images/hopper.jpg"
TEST_GIF = "Tests/images/hopper.gif"

# File names made of shell metacharacters (quotes, ';', '|', '&&').  They are
# valid Unix file names, so an implementation that passes the name to the
# external program as a literal argument handles them fine; one that builds a
# shell command line would split or misinterpret the name and fail the test.
test_filenames = (
    "temp_';",
    'temp_";',
    "temp_'\"|",
    "temp_'\"||",
    "temp_'\"&&",
)
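@pytest.mark.skipif(is_win32(), reason="Requires Unix or macOS")
class TestShellInjection:
    """Regression tests for the code paths that call external programs.

    Every test feeds file names built from shell metacharacters (see
    ``test_filenames``) to a loader or saver that invokes an external tool
    (djpeg, cjpeg, Netpbm).  The file name must reach the tool literally;
    if it were ever passed through a shell, the metacharacters would be
    interpreted and the expected file would not be produced.
    """

    def assert_save_filename_check(
        self,
        tmp_path: Path,
        src_img: Image.Image,
        save_func: Callable[[Image.Image, int, str], None],
    ) -> None:
        """Save ``src_img`` under every hostile file name and verify the output.

        Args:
            tmp_path: Empty per-test scratch directory from pytest; every
                output file is written into it.
            src_img: Image handed to ``save_func``.
            save_func: Plugin save hook with the ``(im, fp, filename)``
                signature.  ``fp`` is passed as ``0``; the hook is expected
                to write ``filename`` itself, which is what the check reopens.

        Raises:
            AssertionError: if an expected output file is missing, or if any
                entry other than the expected output files appears in
                ``tmp_path``.
            OSError: propagated from ``Image.open`` when an output file exists
                but is not a readable image.
        """
        expected = {tmp_path / filename for filename in test_filenames}

        for filename in test_filenames:
            dest_file = str(tmp_path / filename)
            save_func(src_img, 0, dest_file)

            # A missing output is the classic symptom of the name having been
            # interpreted by a shell instead of used literally.  Check it
            # explicitly so the failure names the offending file name rather
            # than surfacing as an opaque error from Image.open().
            assert Path(dest_file).is_file(), (
                f"{filename!r} was not written; the file name may have been "
                "interpreted by a shell"
            )

            # If the file exists but is not a readable image, something still
            # went wrong on the way to the external tool.
            with Image.open(dest_file) as im:
                im.load()

        # Stricter than "the output opens": any extra entry in the scratch
        # directory means part of a file name was treated as a separate
        # command or redirection.
        actual = set(tmp_path.iterdir())
        assert actual == expected, (
            f"unexpected entries in {tmp_path}: "
            f"{sorted(p.name for p in actual - expected)}"
        )

    @pytest.mark.skipif(not djpeg_available(), reason="djpeg not available")
    def test_load_djpeg_filename(self, tmp_path: Path) -> None:
        """Decode via ``load_djpeg`` from source files with hostile names."""
        for filename in test_filenames:
            src_file = str(tmp_path / filename)
            shutil.copy(TEST_JPG, src_file)

            # The source name must survive the trip to the external decoder
            # intact; a mangled name makes load_djpeg() fail.
            with Image.open(src_file) as im:
                im.load_djpeg()

    @pytest.mark.skipif(not cjpeg_available(), reason="cjpeg not available")
    def test_save_cjpeg_filename(self, tmp_path: Path) -> None:
        """Save through ``JpegImagePlugin._save_cjpeg`` under hostile names."""
        with Image.open(TEST_JPG) as im:
            self.assert_save_filename_check(tmp_path, im, JpegImagePlugin._save_cjpeg)

    @pytest.mark.skipif(not netpbm_available(), reason="Netpbm not available")
    def test_save_netpbm_filename_bmp_mode(self, tmp_path: Path) -> None:
        """Save an RGB image through ``GifImagePlugin._save_netpbm`` under hostile names."""
        with Image.open(TEST_GIF) as src:
            # The converted copy is what gets saved; the ``with`` still closes
            # the original file-backed image on exit.
            rgb = src.convert("RGB")
            self.assert_save_filename_check(tmp_path, rgb, GifImagePlugin._save_netpbm)

    @pytest.mark.skipif(not netpbm_available(), reason="Netpbm not available")
    def test_save_netpbm_filename_l_mode(self, tmp_path: Path) -> None:
        """Save a greyscale image through ``GifImagePlugin._save_netpbm`` under hostile names."""
        with Image.open(TEST_GIF) as src:
            # Same as the RGB case, with an "L" (single-band) input.
            grey = src.convert("L")
            self.assert_save_filename_check(tmp_path, grey, GifImagePlugin._save_netpbm)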