Issue #22885: Fixed arbitrary code execution vulnerability in the dumbdbm
module. Original patch by Claudiu Popa.
diff --git a/Lib/test/test_dumbdbm.py b/Lib/test/test_dumbdbm.py
index 6f5324f..6520efd 100644
--- a/Lib/test/test_dumbdbm.py
+++ b/Lib/test/test_dumbdbm.py
@@ -160,6 +160,14 @@
self.assertEqual(expected, got)
f.close()
+ def test_eval(self):
+ with open(_fname + '.dir', 'w') as stream:
+ stream.write("str(__import__('sys').stdout.write('Hacked!')), 0\n")
+ with test_support.captured_stdout() as stdout:
+ with self.assertRaises(ValueError):
+ dumbdbm.open(_fname).close()
+ self.assertEqual(stdout.getvalue(), '')
+
def tearDown(self):
_delete_files()
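Review bot: test_eval has no comment saying what it guards, so a later reader sees only an odd string written to the `.dir` file; add `# Issue #22885: index lines must be parsed as literals, never evaluated.` above the first `with`. The two assertions complement each other: the ValueError shows the line was rejected, and the empty captured stdout shows the call expression never ran. The test pins only one rejected shape, a call expression inside an otherwise well-formed tuple. The dumbdbm change itself is not visible in this hunk, but if it parses with something like `ast.literal_eval`, a line that is not valid Python at all would presumably raise SyntaxError rather than ValueError, so a second case for that input would document which exception callers of `dumbdbm.open` should expect. The enclosing test class starts outside the hunk.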