mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-11-14 05:36:48 +03:00
4cd4adddc3
Follow Python's file object semantics. User code is responsible for closing resources (usually through a context manager) in a deterministic way. To achieve this, remove __del__ functions. These functions used to closed open file handlers in an attempt to silence Python ResourceWarnings. However, using __del__ has the following drawbacks: - __del__ isn't called until the object's reference count reaches 0. Therefore, resource handlers remain open or in use longer than necessary. - The __del__ method isn't guaranteed to execute on system exit. See the Python documentation: https://docs.python.org/3/reference/datamodel.html#object.__del__ > It is not guaranteed that __del__() methods are called for objects > that still exist when the interpreter exits. - Exceptions that occur inside __del__ are ignored instead of raised. This has the potential of hiding bugs. This is also in the Python documentation: > Warning: Due to the precarious circumstances under which __del__() > methods are invoked, exceptions that occur during their execution > are ignored, and a warning is printed to sys.stderr instead. Instead, always close resource handlers when they are no longer in use. This will close the file handler at a specified point in the user's code and not wait until the interpreter chooses to. It is always guaranteed to run. And, if an exception occurs while closing the file handler, the bug will not be ignored. Now, when code receives a ResourceWarning, it will highlight an area that is mishandling resources. It should not simply be silenced, but fixed by closing resources with a context manager. All warnings that were emitted during tests have been cleaned up. To enable warnings, I passed the `-Wa` CLI option to Python. This exposed some mishandling of resources in ImageFile.__init__() and SpiderImagePlugin.loadImageSeries(), they too were fixed.
55 lines
1.8 KiB
Python
55 lines
1.8 KiB
Python
import shutil
|
|
|
|
from PIL import GifImagePlugin, Image, JpegImagePlugin
|
|
|
|
from .helper import (
|
|
PillowTestCase,
|
|
cjpeg_available,
|
|
djpeg_available,
|
|
is_win32,
|
|
netpbm_available,
|
|
unittest,
|
|
)
|
|
|
|
TEST_JPG = "Tests/images/hopper.jpg"
|
|
TEST_GIF = "Tests/images/hopper.gif"
|
|
|
|
test_filenames = ("temp_';", 'temp_";', "temp_'\"|", "temp_'\"||", "temp_'\"&&")
|
|
|
|
|
|
@unittest.skipIf(is_win32(), "requires Unix or macOS")
|
|
class TestShellInjection(PillowTestCase):
|
|
def assert_save_filename_check(self, src_img, save_func):
|
|
for filename in test_filenames:
|
|
dest_file = self.tempfile(filename)
|
|
save_func(src_img, 0, dest_file)
|
|
# If file can't be opened, shell injection probably occurred
|
|
with Image.open(dest_file) as im:
|
|
im.load()
|
|
|
|
@unittest.skipUnless(djpeg_available(), "djpeg not available")
|
|
def test_load_djpeg_filename(self):
|
|
for filename in test_filenames:
|
|
src_file = self.tempfile(filename)
|
|
shutil.copy(TEST_JPG, src_file)
|
|
|
|
with Image.open(src_file) as im:
|
|
im.load_djpeg()
|
|
|
|
@unittest.skipUnless(cjpeg_available(), "cjpeg not available")
|
|
def test_save_cjpeg_filename(self):
|
|
im = Image.open(TEST_JPG)
|
|
self.assert_save_filename_check(im, JpegImagePlugin._save_cjpeg)
|
|
|
|
@unittest.skipUnless(netpbm_available(), "netpbm not available")
|
|
def test_save_netpbm_filename_bmp_mode(self):
|
|
with Image.open(TEST_GIF) as im:
|
|
im = im.convert("RGB")
|
|
self.assert_save_filename_check(im, GifImagePlugin._save_netpbm)
|
|
|
|
@unittest.skipUnless(netpbm_available(), "netpbm not available")
|
|
def test_save_netpbm_filename_l_mode(self):
|
|
with Image.open(TEST_GIF) as im:
|
|
im = im.convert("L")
|
|
self.assert_save_filename_check(im, GifImagePlugin._save_netpbm)
|