-
-
Notifications
You must be signed in to change notification settings - Fork 30.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gh-124651: Quote template strings in venv
activation scripts
#124712
Conversation
This patch properly quotes template strings in `venv` activation scripts. This mitigates potential command injection. Signed-off-by: y5c4l3 <[email protected]>
|
@vsajip Some tests were still failing but none of them is related to this PR I guess. |
@vsajip Summary of the failing tests are posted here. Since they all appeared repeatedly before or after this build, I think this PR is good to go... no? AMD64 Arch Linux TraceRefs PR/1443
x86 Debian Installed with X PR/27
|
Sorry, @y5c4l3 and @vsajip, I could not cleanly backport this to
|
…ythonGH-124712) This patch properly quotes template strings in `venv` activation scripts. This mitigates potential command injection. (cherry picked from commit d48cc82) Co-authored-by: Y5 <[email protected]>
GH-125813 is a backport of this pull request to the 3.13 branch. |
…GH-124712) (GH-125813) (cherry picked from commit d48cc82)
…ythonGH-124712) This patch properly quotes template strings in `venv` activation scripts. This mitigates potential command injection. (cherry picked from commit d48cc82)
…ythonGH-124712) This patch properly quotes template strings in `venv` activation scripts. This mitigates potential command injection. (cherry picked from commit d48cc82)
GH-126185 is a backport of this pull request to the 3.12 branch. |
…GH-124712) (GH-126185) (cherry picked from commit d48cc82)
This comment was marked as off-topic.
This comment was marked as off-topic.
1 similar comment
This comment was marked as outdated.
This comment was marked as outdated.
…GH-124712) (GH-126185) (GH-126269) (GH-126300) (cherry picked from commit ae961ae)
Taken from python/cpython#126185 which is a 3.12 backport of python/cpython#124712 Signed-off-by: Saul Paredes <[email protected]>
Taken from python/cpython#126185 which is a 3.12 backport of python/cpython#124712 Signed-off-by: Saul Paredes <[email protected]>
Taken from python/cpython#126185 which is a 3.12 backport of python/cpython#124712 Signed-off-by: Saul Paredes <[email protected]>
Taken from python/cpython#126185 which is a 3.12 backport of python/cpython#124712 Signed-off-by: Saul Paredes <[email protected]>
Taken from python/cpython#126185 which is a 3.12 backport of python/cpython#124712 Signed-off-by: Saul Paredes <[email protected]>
This patch properly quotes template strings in
venv
activation scripts. This mitigates potential command injection.venv
activation scripts do not quote strings properly #124651