Skip to content

BUG: IO unit test creates file at home directory #40091

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
3 tasks done
chrispe opened this issue Feb 26, 2021 · 6 comments · Fixed by #40122
Closed
3 tasks done

BUG: IO unit test creates file at home directory #40091

chrispe opened this issue Feb 26, 2021 · 6 comments · Fixed by #40122
Labels
Bug IO Data IO issues that don't fit into a more specific label Testing pandas testing functions or related to the test suite
Milestone
1.3

Comments

@chrispe
Copy link
Contributor

chrispe commented Feb 26, 2021
edited
Loading

  • I have checked that this issue has not already been reported.
  • I have confirmed this bug exists on the latest version of pandas.
  • (optional) I have confirmed this bug exists on the master branch of pandas.

The unit test at pandas/tests/io/test_common.py produces a file using a hardcoded name as shown below:

filename = path_type("~/sometest")
with icom.get_handle(filename, "w") as handles:
  assert os.path.isabs(handles.handle.name)
  assert os.path.expanduser(filename) == handles.handle.name

Problem description

A developer may encounter an empty file "sometest" appearing in their home directory (after running pytest). If the developer is unaware of that, then it may raise some wrong security concerns on their side. Also, in the extreme scenario that the developer has a file at the exact same path, then its content may be replaced.

Expected Output

I would expect the file produced by the unit test to be temporary and get deleted afterwards. Also, that the filename is generated rather than hardcoded.
@chrispe chrispe added Bug Needs Triage Issue that has not been reviewed by a pandas team member labels Feb 26, 2021
@lithomas1 lithomas1 added IO Data IO issues that don't fit into a more specific label Testing pandas testing functions or related to the test suite and removed Needs Triage Issue that has not been reviewed by a pandas team member labels Feb 26, 2021
@lithomas1 lithomas1 added this to the Contributions Welcome milestone Feb 26, 2021
@lithomas1
Copy link
Member

@chrispe Thanks for the bug report. I can confirm this on master that a sometest file is created in the home directory(I'm testing this on MacOS). I think we should at least check for the existence of a file before overwriting and for sure clean up the file after we're done. cc @twoertwein

@twoertwein
Copy link
Member

That test should use:

import pandas._testing as tm

with tm.ensure_clean() as path:
    ....

@chrispe
Copy link
Contributor Author

chrispe commented Feb 27, 2021
edited
Loading

In this test case we want to ensure that the path is able to expand correctly (i.e. ~/ is converted to an absolute path to home directory) right? However, the tm.ensure_clean does not allow creating a temp file in a custom directory. Should we then try to expand its functionality or directly use the module of tempfile?

@twoertwein
Copy link
Member

you are right! If that is the only place where a file in "~"needs to be cleaned up, I wouldn't extend tm.ensure_clean.

@chrispe
Copy link
Contributor Author

chrispe commented Feb 27, 2021

By a quick look at the rest of the tests, it seems like this is the only hardcoded case. If you agree, I can continue with a PR to use the tempfile module for the file creation.

@twoertwein
Copy link
Member

By a quick look at the rest of the tests, it seems like this is the only hardcoded case. If you agree, I can continue with a PR to use the tempfile module for the file creation.

Yes, please go ahead :)

@chrispe chrispe mentioned this issue Feb 28, 2021
Merged
4 tasks
@jreback jreback modified the milestones: Contributions Welcome, 1.3 Mar 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug IO Data IO issues that don't fit into a more specific label Testing pandas testing functions or related to the test suite
Projects
None yet
Milestone
1.3
Development

Successfully merging a pull request may close this issue.

Use tempfile for creating a file in home directory for a IO test chrispe/pandas
4 participants
@jreback @chrispe @twoertwein @lithomas1