diff options
| author | Jason R. Coombs <jaraco@jaraco.com> | 2015-05-27 18:40:01 -0400 |
|---|---|---|
| committer | Jason R. Coombs <jaraco@jaraco.com> | 2015-05-27 18:40:01 -0400 |
| commit | b2847255769f7e40fa757c830020cb2daad7860d (patch) | |
| tree | c121a7b53431fc915ee13ff2167d9c104b64d8ef /setuptools/command/easy_install.py | |
| parent | 7ee56c5270d979f73c248c3ef5bac48793cd77d6 (diff) | |
| download | external_python_setuptools-b2847255769f7e40fa757c830020cb2daad7860d.tar.gz external_python_setuptools-b2847255769f7e40fa757c830020cb2daad7860d.tar.bz2 external_python_setuptools-b2847255769f7e40fa757c830020cb2daad7860d.zip | |
Disallow path separators in script names. Fixes #390
Diffstat (limited to 'setuptools/command/easy_install.py')
| -rwxr-xr-x | setuptools/command/easy_install.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/setuptools/command/easy_install.py b/setuptools/command/easy_install.py index 2c127126..1b32b1c8 100755 --- a/setuptools/command/easy_install.py +++ b/setuptools/command/easy_install.py @@ -2024,11 +2024,21 @@ class ScriptWriter(object): for type_ in 'console', 'gui': group = type_ + '_scripts' for name, ep in dist.get_entry_map(group).items(): + cls._ensure_safe_name(name) script_text = cls.template % locals() args = cls._get_script_args(type_, name, header, script_text) for res in args: yield res + @staticmethod + def _ensure_safe_name(name): + """ + Prevent paths in *_scripts entry point names. + """ + has_path_sep = re.search(r'[\\/]', name) + if has_path_sep: + raise ValueError("Path separators not allowed in script names") + @classmethod def get_writer(cls, force_windows): # for backward compatibility |