Loading ...
Sorry, an error occurred while loading the content.

[Cheetahtemplate-discuss] SettingsManager: Wrong usage of tempfile.mkstemp()

Expand Messages
  • Franz Glasner
    The usage of tempfile.mkstemp() in Cheetah s SettingsManager.py is wrong. The current code in version 2.0.1 assumes that os.mkstemp() returns a pathname (as
    Message 1 of 2 , Feb 13, 2008
    • 0 Attachment
      The usage of tempfile.mkstemp() in Cheetah's SettingsManager.py is wrong.

      The current code in version 2.0.1 assumes that os.mkstemp() returns a
      pathname (as tempfile.mktemp() does).

      But os.mkstemp() returns a tuple with an open low-level file descriptor
      and a pathname.

      Here is a patch to fix this issue. This also fixes the unsecure reopening
      of the temporary file with open().

      --- SettingsManager.py.original Tue Apr 03 04:03:26 2007
      +++ SettingsManager.py Wed Feb 13 20:05:12 2008
      @@ -292,26 +292,33 @@
      This method will temporarily add the directory of src file to
      sys.path so
      that import statements relative to that dir will work
      properly."""

      path = self.normalizePath(path)
      dirName = os.path.dirname(path)
      - tmpPath = tempfile.mkstemp('webware_temp')

      pySrc = translateClassBasedConfigSyntax(open(path).read())
      - modName =
      path.replace('.','_').replace('/','_').replace('\\','_')
      - open(tmpPath, 'w').write(pySrc)
      + modName =
      path.replace('.','_').replace('/','_').replace('\\','_')
      +
      + fp = None
      + tmpFd, tmpPath = tempfile.mkstemp('webware_temp')
      try:
      - fp = open(tmpPath)
      + fp = os.fdopen(tmpFd, "w+")
      + fp.write(pySrc)
      + fp.flush()
      + fp.seek(0)
      self._sysPathLock.acquire()
      sys.path.insert(0, dirName)
      module = imp.load_source(modName, path, fp)
      newSettings = self.readSettingsFromModule(module)
      del sys.path[0]
      self._sysPathLock.release()
      return newSettings
      finally:
      - fp.close()
      + if fp is None:
      + os.close(tmpFd)
      + else:
      + fp.close()
      try:
      os.remove(tmpPath)
      except:
      pass
      if os.path.exists(tmpPath + 'c'):


      Best regards,
      Franz.


      -------------------------------------------------------------------------
      This SF.net email is sponsored by: Microsoft
      Defy all challenges. Microsoft(R) Visual Studio 2008.
      http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
      _______________________________________________
      Cheetahtemplate-discuss mailing list
      Cheetahtemplate-discuss@...
      https://lists.sourceforge.net/lists/listinfo/cheetahtemplate-discuss
    • Tavis Rudd
      Franz, Thanks for the patch. That SettingsManager module is full of crap that Cheetah no longer uses. Instead of patching it up I ve just stripped out the
      Message 2 of 2 , Feb 13, 2008
      • 0 Attachment
        Franz,
        Thanks for the patch. That SettingsManager module is full of crap that
        Cheetah no longer uses. Instead of patching it up I've just stripped out
        the unused code.
        Tavis

        On Wed, 13 Feb 2008, Franz Glasner wrote:

        > The usage of tempfile.mkstemp() in Cheetah's SettingsManager.py is wrong.
        >
        > The current code in version 2.0.1 assumes that os.mkstemp() returns a
        > pathname (as tempfile.mktemp() does).
        >
        > But os.mkstemp() returns a tuple with an open low-level file descriptor
        > and a pathname.
        >
        > Here is a patch to fix this issue. This also fixes the unsecure reopening
        > of the temporary file with open().
        >
        > --- SettingsManager.py.original Tue Apr 03 04:03:26 2007
        > +++ SettingsManager.py Wed Feb 13 20:05:12 2008
        > @@ -292,26 +292,33 @@
        > This method will temporarily add the directory of src file to
        > sys.path so
        > that import statements relative to that dir will work
        > properly."""
        >
        > path = self.normalizePath(path)
        > dirName = os.path.dirname(path)
        > - tmpPath = tempfile.mkstemp('webware_temp')
        >
        > pySrc = translateClassBasedConfigSyntax(open(path).read())
        > - modName =
        > path.replace('.','_').replace('/','_').replace('\\','_')
        > - open(tmpPath, 'w').write(pySrc)
        > + modName =
        > path.replace('.','_').replace('/','_').replace('\\','_')
        > +
        > + fp = None
        > + tmpFd, tmpPath = tempfile.mkstemp('webware_temp')
        > try:
        > - fp = open(tmpPath)
        > + fp = os.fdopen(tmpFd, "w+")
        > + fp.write(pySrc)
        > + fp.flush()
        > + fp.seek(0)
        > self._sysPathLock.acquire()
        > sys.path.insert(0, dirName)
        > module = imp.load_source(modName, path, fp)
        > newSettings = self.readSettingsFromModule(module)
        > del sys.path[0]
        > self._sysPathLock.release()
        > return newSettings
        > finally:
        > - fp.close()
        > + if fp is None:
        > + os.close(tmpFd)
        > + else:
        > + fp.close()
        > try:
        > os.remove(tmpPath)
        > except:
        > pass
        > if os.path.exists(tmpPath + 'c'):
        >
        >
        > Best regards,
        > Franz.
        >
        >
        > -------------------------------------------------------------------------
        > This SF.net email is sponsored by: Microsoft
        > Defy all challenges. Microsoft(R) Visual Studio 2008.
        > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
        > _______________________________________________
        > Cheetahtemplate-discuss mailing list
        > Cheetahtemplate-discuss@...
        > https://lists.sourceforge.net/lists/listinfo/cheetahtemplate-discuss
        >

        -------------------------------------------------------------------------
        This SF.net email is sponsored by: Microsoft
        Defy all challenges. Microsoft(R) Visual Studio 2008.
        http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
        _______________________________________________
        Cheetahtemplate-discuss mailing list
        Cheetahtemplate-discuss@...
        https://lists.sourceforge.net/lists/listinfo/cheetahtemplate-discuss
      Your message has been successfully submitted and would be delivered to recipients shortly.