Closed cgohlke closed 10 years ago
ping @mbrown1413 re: #731 #748
cjpeg
and djpeg
on Windows expect an output filename.
I'll work on adding another case in load_cjpeg
and _save_djpeg
for windows this evening.
Do you know if ppmquant
and ppmtogif
in have the same problem?
Regarding ppmquant
and ppmtogif
: The netpbm
tests are skipped on Windows because ppmquant
is a sh
script using Perl. The script will not run under Windows command interpreter (cmd.exe) without changes. ppmtogif
is an executable that works on Windows.
Pull request: #757
I don't have a Windows machine set up for development, but I think this will work. Would you mind trying my pull request in Windows? My apologizes if it doesn't work, I will set up a Windows machine soon if it doesn't.
That would be fine for now. However, I don't think load_djpeg
and _save_cjpeg
should raise an OSError
when double quotes or pipes are given in the filename. The filenames that the shell injection tests was intended to include many characters from many shells by design.
Do the tests in test_file_jpeg.py
work for you?
Pull request: #758
I wasn't expecting those files to be created on Windows, I just expected a different error. I was originally thinking ValueError
should be raised if an invalid filename was given, since it's usually raised when correct types, but incorrect values are given. But you're right, IOError
or OSError
is raised by open
when invalid filenames are given, so that's what methods like load_djpeg
should raise also.
It does feel odd having shell injection testing for one platform but not another, but that sounds like a problem for another day. As long as we're not using os.system
anymore.
I agree -- once we're not using os.system, these tests aren't as useful.
(as an aside, these tests aren't asserting that we're safe from shell injections, they're asserting that we're safe from shell injections that we can think of. Useful for confirming known issues, not useful for asserting completeness).
I get the following
test_shell_injection.TestShellInjection
errors on Windows usingdjpeg
andcjpeg
executables fromjpeg-9a
: