pyenv verification source
Some checks are pending
macos_build / macos_build (3.10) (push) Waiting to run
macos_build / macos_build (3.11) (push) Waiting to run
macos_build / macos_build (3.12) (push) Waiting to run
macos_build / macos_build (3.13) (push) Waiting to run
macos_build / macos_build (3.14) (push) Waiting to run
pyenv_tests / pyenv_tests (macos-14) (push) Waiting to run
pyenv_tests / pyenv_tests (macos-15) (push) Waiting to run
pyenv_tests / pyenv_tests (macos-15-intel) (push) Waiting to run
pyenv_tests / pyenv_tests (macos-26) (push) Waiting to run
pyenv_tests / pyenv_tests (ubuntu-22.04) (push) Waiting to run
pyenv_tests / pyenv_tests (ubuntu-24.04) (push) Waiting to run
ubuntu_build / ubuntu_build (3.10) (push) Waiting to run
ubuntu_build / ubuntu_build (3.11) (push) Waiting to run
ubuntu_build / ubuntu_build (3.12) (push) Waiting to run
ubuntu_build / ubuntu_build (3.13) (push) Waiting to run
ubuntu_build / ubuntu_build (3.14) (push) Waiting to run
Some checks are pending
macos_build / macos_build (3.10) (push) Waiting to run
macos_build / macos_build (3.11) (push) Waiting to run
macos_build / macos_build (3.12) (push) Waiting to run
macos_build / macos_build (3.13) (push) Waiting to run
macos_build / macos_build (3.14) (push) Waiting to run
pyenv_tests / pyenv_tests (macos-14) (push) Waiting to run
pyenv_tests / pyenv_tests (macos-15) (push) Waiting to run
pyenv_tests / pyenv_tests (macos-15-intel) (push) Waiting to run
pyenv_tests / pyenv_tests (macos-26) (push) Waiting to run
pyenv_tests / pyenv_tests (ubuntu-22.04) (push) Waiting to run
pyenv_tests / pyenv_tests (ubuntu-24.04) (push) Waiting to run
ubuntu_build / ubuntu_build (3.10) (push) Waiting to run
ubuntu_build / ubuntu_build (3.11) (push) Waiting to run
ubuntu_build / ubuntu_build (3.12) (push) Waiting to run
ubuntu_build / ubuntu_build (3.13) (push) Waiting to run
ubuntu_build / ubuntu_build (3.14) (push) Waiting to run
This commit is contained in:
43
libexec/pyenv-version-file-read
Executable file
43
libexec/pyenv-version-file-read
Executable file
@@ -0,0 +1,43 @@
|
||||
#!/usr/bin/env bash
|
||||
# Usage: pyenv version-file-read <file>
|
||||
set -e
|
||||
[ -n "$PYENV_DEBUG" ] && set -x
|
||||
|
||||
VERSION_FILE="$1"
|
||||
|
||||
function is_version_safe() {
|
||||
# As needed, check that the constructed path exists as a child path of PYENV_ROOT/versions
|
||||
version="$1"
|
||||
if [[ "$version" == ".." || "$version" == */* ]]; then
|
||||
# Sanity check the value of version to prevent malicious path-traversal
|
||||
(
|
||||
cd "$PYENV_ROOT/versions/$version" &>/dev/null || exit 1
|
||||
[[ "$PWD" == "$PYENV_ROOT/versions/"* ]]
|
||||
)
|
||||
return $?
|
||||
else
|
||||
return 0
|
||||
fi
|
||||
}
|
||||
|
||||
if [ -s "$VERSION_FILE" ]; then
|
||||
# Read the first non-whitespace word from the specified version file.
|
||||
# Be careful not to load it whole in case there's something crazy in it.
|
||||
IFS="$IFS"$'\r'
|
||||
sep=
|
||||
while read -n 1024 -r version _ || [[ $version ]]; do
|
||||
if [[ -z "$version" || "$version" == \#* ]]; then
|
||||
# Skip empty lines and comments
|
||||
continue
|
||||
elif ! is_version_safe "$version"; then
|
||||
# CVE-2022-35861 allowed arbitrary code execution in some contexts and is mitigated by is_version_safe.
|
||||
echo "pyenv: invalid version \`$version' ignored in \`$VERSION_FILE'" >&2
|
||||
continue
|
||||
fi
|
||||
printf "%s%s" "$sep" "$version"
|
||||
sep=:
|
||||
done <"$VERSION_FILE"
|
||||
[[ $sep ]] && { echo; exit; }
|
||||
fi
|
||||
|
||||
exit 1
|
||||
Reference in New Issue
Block a user