From e7e3853f3d3f080961eae4c264ed01599786d36c Mon Sep 17 00:00:00 2001 From: Nicolas Bruot Date: Sat, 2 Sep 2017 14:19:09 +0200 Subject: [PATCH 1/2] Keep Python paths as much as possible in the code Only use _fix_unsafe() at the very last possible time. --- gnupg/_meta.py | 58 ++++++++++++++++++++-------------------- gnupg/gnupg.py | 4 +-- gnupg/test/test_gnupg.py | 11 ++++---- 3 files changed, 37 insertions(+), 36 deletions(-) diff --git a/gnupg/_meta.py b/gnupg/_meta.py index 9df6163..ef69d97 100644 --- a/gnupg/_meta.py +++ b/gnupg/_meta.py @@ -1,7 +1,8 @@ # -*- coding: utf-8 -*- # # This file is part of python-gnupg, a Python interface to GnuPG. -# Copyright © 2013 Isis Lovecruft, 0xA3ADB67A2CDB8B35 +# Copyright @ 2017 Nicolas Bruot +# © 2013 Isis Lovecruft, 0xA3ADB67A2CDB8B35 # © 2013 Andrej B. # © 2013 LEAP Encryption Access Project # © 2008-2012 Vinay Sajip @@ -181,10 +182,8 @@ def __init__(self, binary=None, home=None, keyring=None, secring=None, self.ignore_homedir_permissions = ignore_homedir_permissions self.binary = _util._find_binary(binary) self.homedir = os.path.expanduser(home) if home else _util._conf - pub = _parsers._fix_unsafe(keyring) if keyring else 'pubring.gpg' - sec = _parsers._fix_unsafe(secring) if secring else 'secring.gpg' - self.keyring = os.path.join(self._homedir, pub) - self.secring = os.path.join(self._homedir, sec) + self.keyring = os.path.join(self._homedir, keyring or 'pubring.gpg') + self.secring = os.path.join(self._homedir, secring or 'secring.gpg') self.options = list(_parsers._sanitise_list(options)) if options else None #: The version string of our GnuPG binary @@ -419,28 +418,27 @@ def _homedir_setter(self, directory): % _util._conf) directory = _util._conf - hd = _parsers._fix_unsafe(directory) - log.debug("GPGBase._homedir_setter(): got directory '%s'" % hd) + log.debug("GPGBase._homedir_setter(): got directory '%s'" % directory) - if hd: - log.debug("GPGBase._homedir_setter(): Check existence of '%s'" % hd) - _util._create_if_necessary(hd) + if directory: + log.debug("GPGBase._homedir_setter(): Check existence of '%s'" % directory) + _util._create_if_necessary(directory) if self.ignore_homedir_permissions: - self._homedir = hd + self._homedir = directory else: try: log.debug("GPGBase._homedir_setter(): checking permissions") - assert _util._has_readwrite(hd), \ - "Homedir '%s' needs read/write permissions" % hd + assert _util._has_readwrite(directory), \ + "Homedir '%s' needs read/write permissions" % directory except AssertionError as ae: msg = ("Unable to set '%s' as GnuPG homedir" % directory) log.debug("GPGBase.homedir.setter(): %s" % msg) log.debug(str(ae)) raise RuntimeError(str(ae)) else: - log.info("Setting homedir to '%s'" % hd) - self._homedir = hd + log.info("Setting homedir to '%s'" % directory) + self._homedir = directory homedir = _util.InheritableProperty(_homedir_getter, _homedir_setter) @@ -473,26 +471,25 @@ def _generated_keys_setter(self, directory): log.debug("GPGBase._generated_keys_setter(): Using '%s'" % directory) - hd = _parsers._fix_unsafe(directory) - log.debug("GPGBase._generated_keys_setter(): got directory '%s'" % hd) + log.debug("GPGBase._generated_keys_setter(): got directory '%s'" % directory) - if hd: + if directory: log.debug("GPGBase._generated_keys_setter(): Check exists '%s'" - % hd) - _util._create_if_necessary(hd) + % directory) + _util._create_if_necessary(directory) try: log.debug("GPGBase._generated_keys_setter(): check permissions") - assert _util._has_readwrite(hd), \ - "Keys dir '%s' needs read/write permissions" % hd + assert _util._has_readwrite(directory), \ + "Keys dir '%s' needs read/write permissions" % directory except AssertionError as ae: msg = ("Unable to set '%s' as generated keys dir" % directory) log.debug("GPGBase._generated_keys_setter(): %s" % msg) log.debug(str(ae)) raise RuntimeError(str(ae)) else: - log.info("Setting homedir to '%s'" % hd) - self.__generated_keys = hd + log.info("Setting homedir to '%s'" % directory) + self.__generated_keys = directory _generated_keys = _util.InheritableProperty(_generated_keys_getter, _generated_keys_setter) @@ -542,15 +539,18 @@ def _make_args(self, args, passphrase=False): process. """ ## see TODO file, tag :io:makeargs: - cmd = [self.binary, + cmd = [_parsers._fix_unsafe(self.binary), '--no-options --no-emit-version --no-tty --status-fd 2'] - if self.homedir: cmd.append('--homedir "%s"' % self.homedir) + if self.homedir: + cmd.append('--homedir %s' % _parsers._fix_unsafe(self.homedir)) if self.keyring: - cmd.append('--no-default-keyring --keyring %s' % self.keyring) + cmd.append('--no-default-keyring --keyring %s' % + _parsers._fix_unsafe(self.keyring)) if self.secring: - cmd.append('--secret-keyring %s' % self.secring) + cmd.append('--secret-keyring %s' % + _parsers._fix_unsafe(self.secring)) if passphrase: cmd.append('--batch --passphrase-fd 0') @@ -779,7 +779,7 @@ def _recv_keys(self, keyids, keyserver=None): if not keyserver: keyserver = self.keyserver - args = ['--keyserver {0}'.format(keyserver), + args = ['--keyserver {0}'.format(_parsers._fix_unsafe(keyserver)), '--recv-keys {0}'.format(keyids)] log.info('Requesting keys from %s: %s' % (keyserver, keyids)) diff --git a/gnupg/gnupg.py b/gnupg/gnupg.py index e0fdaee..44d62df 100644 --- a/gnupg/gnupg.py +++ b/gnupg/gnupg.py @@ -1092,7 +1092,7 @@ def decrypt_file(self, filename, always_trust=False, passphrase=None, if output: # write the output to a file with the specified name if os.path.exists(output): os.remove(output) # to avoid overwrite confirmation message - args.append('--output %s' % output) + args.append('--output %s' % _fix_unsafe(output)) if always_trust: args.append("--always-trust") result = self._result_map['crypt'](self) @@ -1136,7 +1136,7 @@ def send_keys(self, keyserver, *keyids): result = self._result_map['list'](self) log.debug('send_keys: %r', keyids) data = _util._make_binary_stream("", self._encoding) - args = ['--keyserver', keyserver, '--send-keys'] + args = ['--keyserver', _fix_unsafe(keyserver), '--send-keys'] args.extend(keyids) self._handle_io(args, data, result, binary=True) log.debug('send_keys result: %r', result.__dict__) diff --git a/gnupg/test/test_gnupg.py b/gnupg/test/test_gnupg.py index dc518c7..b67a1c7 100755 --- a/gnupg/test/test_gnupg.py +++ b/gnupg/test/test_gnupg.py @@ -2,7 +2,8 @@ # -*- coding: utf-8 -*- # # This file is part of python-gnupg, a Python interface to GnuPG. -# Copyright © 2013 Isis Lovecruft, 0xA3ADB67A2CDB8B35 +# Copyright @ 2017 Nicolas Bruot +# © 2013 Isis Lovecruft, 0xA3ADB67A2CDB8B35 # © 2013 Andrej B. # © 2013 LEAP Encryption Access Project # © 2008-2012 Vinay Sajip @@ -366,11 +367,11 @@ def test_make_args_drop_protected_options(self): self.gpg.options = ['--tyrannosaurus-rex', '--stegosaurus', '--lock-never', '--trust-model always'] gpg_binary_path = _util._find_binary('gpg') cmd = self.gpg._make_args(None, False) - expected = [gpg_binary_path, + expected = [_parsers._fix_unsafe(gpg_binary_path), '--no-options --no-emit-version --no-tty --status-fd 2', - '--homedir "%s"' % self.homedir, - '--no-default-keyring --keyring %s' % self.keyring, - '--secret-keyring %s' % self.secring, + '--homedir %s' % _parsers._fix_unsafe(self.homedir), + '--no-default-keyring --keyring %s' % _parsers._fix_unsafe(self.keyring), + '--secret-keyring %s' % _parsers._fix_unsafe(self.secring), '--no-use-agent', '--lock-never', '--trust-model always'] From ea96545369d63bdc6a9799cbcb7015edd45be4eb Mon Sep 17 00:00:00 2001 From: Nicolas Bruot Date: Sun, 10 Sep 2017 09:53:45 +0200 Subject: [PATCH 2/2] Allow iterating over extensions more than once Python 2 -> 3 broke path discovery. --- gnupg/_util.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnupg/_util.py b/gnupg/_util.py index 901894f..0af17a5 100644 --- a/gnupg/_util.py +++ b/gnupg/_util.py @@ -708,7 +708,7 @@ def _can_allow(p): return True result = [] - exts = filter(None, os.environ.get('PATHEXT', '').split(os.pathsep)) + exts = list(filter(None, os.environ.get('PATHEXT', '').split(os.pathsep))) path = os.environ.get('PATH', None) if path is None: return []