woodruffw
commented
4 months ago Just thinking out loud: this is going to be really annoying to test. I guess we could mock it out, but that won't guarantee that I got the exact callsite right here.
Closed woodruffw closed 4 months ago
woodruffw
commented
4 months ago Just thinking out loud: this is going to be really annoying to test. I guess we could mock it out, but that won't guarantee that I got the exact callsite right here.
woodruffw
commented
4 months ago I looked into this a bit more, and I mis-diagnosed this slightly originally: the error here isn't from our own code, but from venv itself: the _setup_pip function uses subprocess internally, which then explodes for the original noexec reason. So current patch is wrong.
WIP, needs tests.Closes https://github.com/pypa/pip-audit/issues/732