From dfacbd61aa4c39e6518a018031fcbd9825ee80b8 Mon Sep 17 00:00:00 2001 From: Devan Franchini Date: Thu, 13 Nov 2014 20:06:26 -0500 Subject: config.py: Modifies import strategy for config parser On systems which had dev-python/configparser installed (a package to add support for the py3.x configparser class in py2.x) webapp-config would make use of that class instead of py2.x's built in ConfigParser class. This would lead to improper interpolation of configuration variables that follow the syntax "${}". This dangerous behavior could (and has) lead to webapp-config installing a webapp to the root filesystem of a host. This danger has been avoided by modifying the import strategy for the config parser we're using so that we force import the ConfigParser class if using py2.x. X-Gentoo-Bug: 528752 X-Gentoo-Bug-URL: https://bugs.gentoo.org/528752 --- WebappConfig/config.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/WebappConfig/config.py b/WebappConfig/config.py index cdae149..c87b93b 100644 --- a/WebappConfig/config.py +++ b/WebappConfig/config.py @@ -21,15 +21,12 @@ import sys, os, os.path, re, socket, time -try: +if sys.hexversion >= 0x3000000: # Python 3 import configparser - if sys.version_info >= (3, 2): - from configparser import ConfigParser as configparser_ConfigParser - from configparser import ExtendedInterpolation - else: - from configparser import SafeConfigParser as configparser_ConfigParser -except ImportError: + from configparser import ConfigParser as configparser_ConfigParser + from configparser import ExtendedInterpolation +else: # Python 2 import ConfigParser as configparser from ConfigParser import SafeConfigParser as configparser_ConfigParser -- cgit v1.2.3-65-gdbad