π fix(seed): validate distribution and version before pip download#3120
Merged
gaborbernat merged 2 commits intoApr 14, 2026
Merged
Conversation
6f5c824 to
e5b0f8e
Compare
The distribution name and version spec handed to ``pip download`` were interpolated straight into the argument list, so a caller reaching ``download_wheel`` with a string like ``pip --index-url=http://evil`` or ``pip[extra]`` would have quietly turned it into pip options or a different package. Reject anything that does not look like a PEP 503 distribution name or a spec emitted by ``Version.as_version_spec``. Callers are all internal today, but defense in depth is cheap and the check runs before the subprocess is spawned, so there is no cost on the happy path.
16fd456 to
c3c4449
Compare
for more information, see https://pre-commit.ci
rahuldevikar
approved these changes
Apr 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Security hardening. The distribution name and version specifier handed to
pip downloadindownload_wheelwere interpolated straight into the subprocess argument list with an f-string. Internal callers always pass sensible values today, but the function is a small function call away from turning a distribution string likepip --index-url=http://evilorpip[extra]into extra pip flags or a different package entirely. π Defense in depth is cheap here and the check runs before the subprocess is ever spawned.The fix rejects any distribution name that does not match the PEP 503 normalised form, and any non-empty version spec that does not match what
Version.as_version_speccan emit. The regexes are written in verbose mode with named groups so the allow-list is readable at a glance. Anything outside those shapes raises aValueErrorwith the offending string quoted for debugging. Happy-path callers see no behavioural change.