Open adric-work opened 1 year ago
It seems like this section of code allows someone to pass in an arbitrary path name in tempfile, which then causes the code to zero out the provided path (rather than a temporary file) if the person running the test also happens to own the file: https://github.com/abseil/abseil-py/blob/976413320682f8fd1c05c36f24a9475050702699/absl/testing/absltest.py#L390-L396 Example:
import pathlib from adric-work.testing.pybase import test class BugTest(test.TestCase): def testBug(self): # bad_path = pathlib.Path.home() / 'hello_bug' / 'a_file.txt' # my_file = self.create_tempfile(bad_path.as_posix()) bad_path = '/usr/local/work/home/adric-work/hello_bug/a_file.txt' my_file = self.create_tempfile(bad_path) if __name__ == '__main__': test.main()
It seems like this section of code allows someone to pass in an arbitrary path name in tempfile, which then causes the code to zero out the provided path (rather than a temporary file) if the person running the test also happens to own the file: https://github.com/abseil/abseil-py/blob/976413320682f8fd1c05c36f24a9475050702699/absl/testing/absltest.py#L390-L396 Example: