diff options
| author | Victor Stinner <vstinner@python.org> | 2021-03-29 14:40:40 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-29 14:40:40 +0200 |
| commit | 9b999479c0022edfc9835a8a1f06e046f3881048 (patch) | |
| tree | 6a56be72c600d87ef99093f2af420a8ee6ae53f7 /Lib/pydoc.py | |
| parent | 4827483f47906fecee6b5d9097df2a69a293a85c (diff) | |
| download | cpython-git-9b999479c0022edfc9835a8a1f06e046f3881048.tar.gz | |
bpo-42988: Remove the pydoc getfile feature (GH-25015)
CVE-2021-3426: Remove the "getfile" feature of the pydoc module which
could be abused to read arbitrary files on the disk (directory
traversal vulnerability). Moreover, even source code of Python
modules can contain sensitive data like passwords. Vulnerability
reported by David Schwörer.
Diffstat (limited to 'Lib/pydoc.py')
| -rwxr-xr-x | Lib/pydoc.py | 18 |
1 files changed, 0 insertions, 18 deletions
diff --git a/Lib/pydoc.py b/Lib/pydoc.py index 282a917998..753ea97ba0 100755 --- a/Lib/pydoc.py +++ b/Lib/pydoc.py @@ -2456,9 +2456,6 @@ def _url_handler(url, content_type="text/html"): %s</head><body bgcolor="#f0f0f8">%s<div style="clear:both;padding-top:.5em;">%s</div> </body></html>''' % (title, css_link, html_navbar(), contents) - def filelink(self, url, path): - return '<a href="getfile?key=%s">%s</a>' % (url, path) - html = _HTMLDoc() @@ -2544,19 +2541,6 @@ def _url_handler(url, content_type="text/html"): 'key = %s' % key, '#ffffff', '#ee77aa', '<br>'.join(results)) return 'Search Results', contents - def html_getfile(path): - """Get and display a source file listing safely.""" - path = urllib.parse.unquote(path) - with tokenize.open(path) as fp: - lines = html.escape(fp.read()) - body = '<pre>%s</pre>' % lines - heading = html.heading( - '<big><big><strong>File Listing</strong></big></big>', - '#ffffff', '#7799ee') - contents = heading + html.bigsection( - 'File: %s' % path, '#ffffff', '#ee77aa', body) - return 'getfile %s' % path, contents - def html_topics(): """Index of topic texts available.""" @@ -2648,8 +2632,6 @@ def _url_handler(url, content_type="text/html"): op, _, url = url.partition('=') if op == "search?key": title, content = html_search(url) - elif op == "getfile?key": - title, content = html_getfile(url) elif op == "topic?key": # try topics first, then objects. try: |