classification
Title: Pdb._runscript should use io.open_code() instead of open()
Type: security Stage:
Components: Library (Lib) Versions: Python 3.9
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: Jason.Killen, plokmijnuhby
Priority: normal Keywords:

Created on 2019-11-06 16:05 by plokmijnuhby, last changed 2019-11-08 21:02 by Jason.Killen.

Messages (2)
msg356145 - (view) Author: Dominic Littlewood (plokmijnuhby) * Date: 2019-11-06 16:05
Fairly obviously, if you're using something called _runscript you're probably trying to run some code. To do this it has to open the script as a file.

This is similar to two other issues I'm posting, but they're in different modules, so different bugs.
msg356264 - (view) Author: Jason Killen (Jason.Killen) Date: 2019-11-08 21:02
I flipped through PEP 578 (Runtime Audit Hooks) and this seems like the type of situation that PEP 578 was trying to handle.  I've got a change that seems to be working and can provide a PR or whatever once I remember/read up on doing that.  (I'm a very seldom contributor and am more than happy to defer to those that know more than me.)
History
Date User Action Args
2019-11-08 21:02:40Jason.Killensetnosy: + Jason.Killen
messages: + msg356264
2019-11-06 16:05:59plokmijnuhbysettype: security
components: + Library (Lib)
versions: + Python 3.9
2019-11-06 16:05:27plokmijnuhbycreate