Unintended behaviour in absltest.py

[adric-work]

It seems like this section of code allows someone to pass in an arbitrary path name in tempfile, which then causes the code to zero out the provided path (rather than a temporary file) if the person running the test also happens to own the file:

abseil-py/absl/testing/absltest.py

Lines 390 to 396 in 9764133

	path = os.path.join(base_path, file_path)
	os.makedirs(os.path.dirname(path), exist_ok=True)
	# The file may already exist, in which case, ensure it's writable so that
	# it can be truncated.
	if os.path.exists(path) and not os.access(path, os.W_OK):
	stat_info = os.stat(path)
	os.chmod(path, stat_info.st_mode | stat.S_IWUSR)

Example:

import pathlib

from adric-work.testing.pybase import test

class BugTest(test.TestCase):

def testBug(self):
    # bad_path = pathlib.Path.home() / 'hello_bug' / 'a_file.txt'
    # my_file = self.create_tempfile(bad_path.as_posix())
    bad_path = '/usr/local/work/home/adric-work/hello_bug/a_file.txt'
    my_file = self.create_tempfile(bad_path)


if __name__ == '__main__':
  test.main()