Add more tests for loading a malitious astroid file

pylint-dev · Mar 12, 2020 · 5d63f2a · 5d63f2a
1 parent e13aef8
commit 5d63f2a
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/pylint/lint.py b/pylint/lint.py
@@ -1462,7 +1462,6 @@ def _patch_sys_path(args):
     original = list(sys.path)
     changes = []
     seen = set()
-    cwd = os.getcwd()
     for arg in args:
         path = utils.get_python_path(arg)
         if path not in seen:

diff --git a/tests/test_self.py b/tests/test_self.py
@@ -683,7 +683,22 @@ def test_do_not_import_files_from_local_directory(self, tmpdir):
                 cwd=str(tmpdir),
             )
 
-        # Test with multiple jobs
+        # Linting this astroid file does not import it
+        with tmpdir.as_cwd():
+            subprocess.check_output(
+                [
+                    sys.executable,
+                    "-m",
+                    "pylint",
+                    "-j2",
+                    "astroid.py",
+                    "--disable=import-error,unused-import",
+                ],
+                cwd=str(tmpdir),
+            )
+
+        # Test with multiple jobs for hmac.py for which we have a
+        # CVE against: https://github.com/PyCQA/pylint/issues/959
         with tmpdir.as_cwd():
             subprocess.call(
                 [