[GR-76124][GR-76125][GR-76126][GR-76127] Harden GraalPy helper code

PullRequest: graalpython/4592

Author: fberlakovich

graalpython/com.oracle.graal.python.cext/include/graalpy/handles.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2024, 2025, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2024, 2026, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * The Universal Permissive License (UPL), Version 1.0
@@ -74,7 +74,7 @@
 #define points_to_py_int_handle(PTR) (((uint64_t)(uintptr_t)(PTR)) & INTEGER_TAG_BIT)
 #define points_to_py_float_handle(PTR) (((uint64_t)(uintptr_t)(PTR)) & FLOAT_TAG_BIT)
 
-#define stub_to_pointer(STUB_PTR) ((uintptr_t)(((uint64_t)(uintptr_t)(PTR)) | HANDLE_TAG_BIT))
+#define stub_to_pointer(STUB_PTR) ((uintptr_t)(((uint64_t)(uintptr_t)(STUB_PTR)) | HANDLE_TAG_BIT))
 #define int32_to_pointer(INT)       ((uintptr_t)((((uint64_t)(uint32_t)(INT) << 3) & _35_BIT_MASK) | HANDLE_TAG_BIT | INTEGER_TAG_BIT))
 static inline PyObject* float_to_pointer(float dbl) {
     uint32_t float_bits;

graalpython/lib-graalpython/modules/standalone/__main__.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2023, 2025, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2023, 2026, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # The Universal Permissive License (UPL), Version 1.0
@@ -331,10 +331,15 @@ def get_tools(target_dir, parsed_args):
         if platform.system() == 'Darwin' or platform.system() == 'Linux':
             with tarfile.open(graalvm_file) as tar_file:
                 first_member = tar_file.next().path
-                tar_file.extractall(vm_path)
+                try:
+                    tar_file.extractall(vm_path, filter="data")
+                except TypeError:
+                    # older Python versions do not support filter, but the risk does not warrant a fallback implementation
+                    tar_file.extractall(vm_path)
         else:
             with zipfile.ZipFile(graalvm_file) as zip_file:
                 first_member = zip_file.namelist()[0]
+                # zipfile.extractall normalizes absolute paths and ".." components.
                 zip_file.extractall(vm_path)
 
         graalvm_dir = os.path.join(vm_path, first_member[:first_member.index("/")])

mx.graalpython/mx_graalpython.py

@@ -1571,7 +1571,8 @@ def run_python_unittests(python_binary, args=None, paths=None, exclude=None, env
     reportfile = None
     t0 = time.time()
     if report:
-        reportfile = os.path.abspath(tempfile.mktemp(prefix="test-report-", suffix=".json"))
+        with tempfile.NamedTemporaryFile(prefix="test-report-", suffix=".json", delete=False) as report_tmp:
+            reportfile = os.path.abspath(report_tmp.name)
         args += ["--mx-report", reportfile]
 
     if paths is not None:
@@ -2582,8 +2583,8 @@ def python_checkcopyrights(args):
         files = args[i + 1:]
         args = args[:i]
     # we wan't to ignore lib-python/3, because that's just crazy
-    listfilename = tempfile.mktemp()
-    with open(listfilename, "w") as listfile:
+    with tempfile.NamedTemporaryFile("w", delete=False) as listfile:
+        listfilename = listfile.name
         if files is None:
             mx.run(["git", "ls-tree", "-r", "HEAD", "--name-only"], out=listfile)
         else:
@@ -3299,15 +3300,26 @@ def run_mx(args, *splat, **kwargs):
     return mx.run_mx(args, *splat, **kwargs)
 
 
+def _parse_host_inlining_fields(fields):
+    parts = fields.split(":")
+    if len(parts) > 3:
+        raise ValueError("fields must be an integer index or slice")
+    result = int(fields) if len(parts) == 1 else slice(*(int(part) if part.strip() else None for part in parts))
+    if isinstance(result, slice) and result.step == 0:
+        raise ValueError("fields must be an integer index or slice")
+    return result
+
+
 def host_inlining_log_extract_method(args_in):
     parser = ArgumentParser(description="Extracts single method from host inlining log file. "
                                  "Result, when saved to file, can be visualized with: java scripts/HostInliningVisualizer.java filename")
     parser.add_argument("filename", help="file with host inlining log")
     parser.add_argument("method", help="name of a method to extract")
-    parser.add_argument("-f", "--fields",
+    parser.add_argument("-f", "--fields", type=_parse_host_inlining_fields,
                         help="fields to select from the list with details, use Python subscript syntax, "
                              "default: '-1:' (i.e., the last field: reason for the [non-]inlining decision)", default="-1:")
     args = parser.parse_args(args_in)
+    fields = args.fields
 
     start = 'Context: HostedMethod<' + args.method + ' '
     result = []
@@ -3326,7 +3338,8 @@ def host_inlining_log_extract_method(args_in):
                 match = re.search(r'\[inlined.*\]', line)
                 if match:
                     details = match.group().split(',')
-                    details = ', '.join(eval(f"details[{args.fields}]"))  #pylint: disable=eval-used
+                    selected_details = details[fields]
+                    details = ', '.join([selected_details] if isinstance(fields, int) else selected_details)
                     line = line[:match.start()].rstrip() + f' [{details}]'
                 for x in remove:
                     line = line.replace(x, '')

scripts/wheelbuilder/build_wheels.py

@@ -84,11 +84,16 @@ def extract(archive):
     print("Extracting", archive, flush=True)
     if splitext(archive)[1] == ".zip":
         with zipfile.ZipFile(archive) as f:
+            # zipfile.extractall normalizes absolute paths and ".." components.
             f.extractall()
             return f.infolist()[0].filename.split('/', 1)[0]
     else:
         with tarfile.open(archive) as f:
-            f.extractall()
+            try:
+                f.extractall(filter="data")
+            except TypeError:
+                # older Python versions do not support filter, but the risk does not warrant a fallback implementation
+                f.extractall()
             return f.getmembers()[0].name.split('/', 1)[0]