It seems like this section of code allows someone to pass in an arbitrary path name in tempfile, which then causes the code to zero out the provided path (rather than a temporary file) if the person running the test also happens to own the file:
|
path = os.path.join(base_path, file_path) |
|
os.makedirs(os.path.dirname(path), exist_ok=True) |
|
# The file may already exist, in which case, ensure it's writable so that |
|
# it can be truncated. |
|
if os.path.exists(path) and not os.access(path, os.W_OK): |
|
stat_info = os.stat(path) |
|
os.chmod(path, stat_info.st_mode | stat.S_IWUSR) |
Example:
import pathlib
from adric-work.testing.pybase import test
class BugTest(test.TestCase):
def testBug(self):
# bad_path = pathlib.Path.home() / 'hello_bug' / 'a_file.txt'
# my_file = self.create_tempfile(bad_path.as_posix())
bad_path = '/usr/local/work/home/adric-work/hello_bug/a_file.txt'
my_file = self.create_tempfile(bad_path)
if __name__ == '__main__':
test.main()
It seems like this section of code allows someone to pass in an arbitrary path name in tempfile, which then causes the code to zero out the provided path (rather than a temporary file) if the person running the test also happens to own the file:
abseil-py/absl/testing/absltest.py
Lines 390 to 396 in 9764133
Example: