VimPlug/jedi-fork
1
0
Fork 0
forked from VimPlug/jedi
Code Pull Requests Activity

Clarify a sentence around virtualenv security, see #1250

Browse Source
This commit is contained in:
Dave Halter
2019-12-31 19:20:59 +01:00
parent c8b3443d5f
commit e4cf9293c2
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
jedi/api/environment.py
View File

@@ -461,8 +461,8 @@ def _is_unix_safe_simple(real_path):
# 2. The repository has an innocent looking folder called foobar. jedi # 2. The repository has an innocent looking folder called foobar. jedi
# searches for the folder and executes foobar/bin/python --version if # searches for the folder and executes foobar/bin/python --version if
# there's also a foobar/bin/activate. # there's also a foobar/bin/activate.
# 3. The bin/python is obviously not a python script but a bash script or # 3. The attacker has gained code execution, since he controls
# whatever the attacker wants. # foobar/bin/python.
return uid == 0 return uid == 0