From 77a07c8e9c6c1c8998c38c8a01790b41bdfeb21e Mon Sep 17 00:00:00 2001
From: Anthony Sottile
Date: Thu, 24 Jan 2019 07:48:36 -0800
Subject: [PATCH] Correctly check parent directories
---
 aactivator.py | 1 +
 tests/integration_test.py | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/aactivator.py b/aactivator.py
index 7172ddb..5965ae3 100755
--- a/aactivator.py
+++ b/aactivator.py
@@ -96,6 +96,7 @@ def insecure(path):
 
 
 def search_parent_paths(path):
+ path = os.path.abspath(path)
 original_fs_id = fs_id = get_filesystem_id(path)
 previous_path = None
 while original_fs_id == fs_id and path != previous_path:
diff --git a/tests/integration_test.py b/tests/integration_test.py
index 9ec365e..b4bb63c 100644
--- a/tests/integration_test.py
+++ b/tests/integration_test.py
@@ -254,6 +254,30 @@ def test_complains_when_not_activated(activate, venv_path, tmpdir, shell):
 run_test(shell, test, tmpdir)
 
 
+def test_complains_parent_directory_insecure(venv_path, tmpdir, shell):
+ make_venv_in_tempdir(tmpdir)
+ venv_path.chmod(0o777)
+
+ test = '''\
+TEST> eval "$(aactivator init)"
+TEST> echo
+
+TEST> cd {venv_path}
+aactivator will source .activate.sh and .deactivate.sh at {venv_path}.
+Acceptable? (y)es (n)o (N)ever: INPUT> y
+aactivator will remember this: ~/.cache/aactivator/allowed
+aactivator: Cowardly refusing to source .activate.sh because writeable by others: .
+TEST> echo
+
+aactivator: Cowardly refusing to source .activate.sh because writeable by others: .
+TEST> cd /
+TEST> echo
+
+'''
+ test = test.format(venv_path=str(venv_path))
+ run_test(shell, test, tmpdir)
+
+
 def test_activate_but_no_deactivate(venv_path, tmpdir, deactivate, shell):
 make_venv_in_tempdir(tmpdir)
 deactivate.remove()
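Review bot: The added `os.path.abspath(path)` in `search_parent_paths` only normalises the path lexically against the current working directory and does not resolve symlinks. When a component of `path` is a symlink, the ancestors walked are those of the link name, not of the directory that really holds `.activate.sh`. This walk appears to feed the writable-by-others check that gates sourcing a script, so state which view is intended, e.g. `# abspath, not realpath: check the ancestors of the path as the shell sees it`, or also walk the ancestors of `os.path.realpath(path)`. The loop body lies outside the hunk, so whether the per-directory check itself follows symlinks cannot be confirmed from here.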
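Review bot: `test_complains_parent_directory_insecure` makes only `venv_path` itself world-writable, so it exercises a single level of the upward walk. A directory two or more levels above the activation script being writable by others is not covered. A second case that nests the venv one directory deeper and applies `chmod(0o777)` to the outer directory would catch a regression where the walk stops early. The test would also benefit from a one-line docstring such as `"""Refuse to source when the directory holding .activate.sh is writable by others."""`, since the expected transcript reports the offending path only as `.`.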