diff options
| author | Julian Taylor <jtaylor.debian@googlemail.com> | 2014-02-05 23:01:47 +0100 |
|---|---|---|
| committer | Julian Taylor <jtaylor.debian@googlemail.com> | 2014-02-15 17:55:07 +0100 |
| commit | 961c43da78bf97ce63183b27c338db7ea77bed85 (patch) | |
| tree | 793702aab47cd02ecd748d12fb5084ba28c3939a /numpy/core | |
| parent | c09dc61cd0bd38bcd169a3c480e43d437a200813 (diff) | |
| download | numpy-961c43da78bf97ce63183b27c338db7ea77bed85.tar.gz | |
ENH: remove insecure mktemp use
mktemp only returns a filename, a malicous user could replace it before
it gets used.
Diffstat (limited to 'numpy/core')
| -rw-r--r-- | numpy/core/tests/test_memmap.py | 34 | ||||
| -rw-r--r-- | numpy/core/tests/test_multiarray.py | 13 |
2 files changed, 19 insertions, 28 deletions
diff --git a/numpy/core/tests/test_memmap.py b/numpy/core/tests/test_memmap.py index 6de6319ef..10e7a0817 100644 --- a/numpy/core/tests/test_memmap.py +++ b/numpy/core/tests/test_memmap.py @@ -1,7 +1,7 @@ from __future__ import division, absolute_import, print_function import sys -from tempfile import NamedTemporaryFile, TemporaryFile, mktemp +from tempfile import NamedTemporaryFile, TemporaryFile import os from numpy import memmap @@ -33,12 +33,11 @@ class TestMemmap(TestCase): assert_array_equal(self.data, newfp) def test_open_with_filename(self): - tmpname = mktemp('', 'mmap') - fp = memmap(tmpname, dtype=self.dtype, mode='w+', - shape=self.shape) - fp[:] = self.data[:] - del fp - os.unlink(tmpname) + with NamedTemporaryFile() as tmp: + fp = memmap(tmp.name, dtype=self.dtype, mode='w+', + shape=self.shape) + fp[:] = self.data[:] + del fp def test_unnamed_file(self): with TemporaryFile() as f: @@ -55,17 +54,16 @@ class TestMemmap(TestCase): del fp def test_filename(self): - tmpname = mktemp('', 'mmap') - fp = memmap(tmpname, dtype=self.dtype, mode='w+', - shape=self.shape) - abspath = os.path.abspath(tmpname) - fp[:] = self.data[:] - self.assertEqual(abspath, fp.filename) - b = fp[:1] - self.assertEqual(abspath, b.filename) - del b - del fp - os.unlink(tmpname) + with NamedTemporaryFile() as tmp: + fp = memmap(tmp.name, dtype=self.dtype, mode='w+', + shape=self.shape) + abspath = os.path.abspath(tmp.name) + fp[:] = self.data[:] + self.assertEqual(abspath, fp.filename) + b = fp[:1] + self.assertEqual(abspath, b.filename) + del b + del fp def test_filename_fileobj(self): fp = memmap(self.tmpfp, dtype=self.dtype, mode="w+", diff --git a/numpy/core/tests/test_multiarray.py b/numpy/core/tests/test_multiarray.py index 34ab86fc2..48a9d1653 100644 --- a/numpy/core/tests/test_multiarray.py +++ b/numpy/core/tests/test_multiarray.py @@ -2052,12 +2052,11 @@ class TestIO(object): self.x = rand(shape) + rand(shape).astype(np.complex)*1j self.x[0,:, 1] = [nan, inf, -inf, nan] self.dtype = self.x.dtype - self.filename = tempfile.mktemp() + self.file = tempfile.NamedTemporaryFile() + self.filename = self.file.name def tearDown(self): - if os.path.isfile(self.filename): - os.unlink(self.filename) - #tmp_file.close() + self.file.close() def test_bool_fromstring(self): v = np.array([True, False, True, False], dtype=np.bool_) @@ -2085,7 +2084,6 @@ class TestIO(object): y = np.fromfile(f, dtype=self.dtype) f.close() assert_array_equal(y, self.x.flat) - os.unlink(self.filename) def test_roundtrip_filename(self): self.x.tofile(self.filename) @@ -2138,8 +2136,6 @@ class TestIO(object): f.close() assert_equal(pos, 10, err_msg=err_msg) - os.unlink(self.filename) - def test_file_position_after_tofile(self): # gh-4118 sizes = [io.DEFAULT_BUFFER_SIZE//8, @@ -2167,8 +2163,6 @@ class TestIO(object): f.close() assert_equal(pos, 10, err_msg=err_msg) - os.unlink(self.filename) - def _check_from(self, s, value, **kw): y = np.fromstring(asbytes(s), **kw) assert_array_equal(y, value) @@ -2271,7 +2265,6 @@ class TestIO(object): s = f.read() f.close() assert_equal(s, '1.51,2.0,3.51,4.0') - os.unlink(self.filename) def test_tofile_format(self): x = np.array([1.51, 2, 3.51, 4], dtype=float) |