[config.git] / djavu-asus / elpy / rpc-venv / lib / python3.11 / site-packages / jedi / api / environment.py

"""
Environments are a way to activate different Python versions or Virtualenvs for
static analysis. The Python binary in that environment is going to be executed.
"""
import os
import sys
import hashlib
import filecmp
from collections import namedtuple
from shutil import which

from jedi.cache import memoize_method, time_cache
from jedi.inference.compiled.subprocess import CompiledSubprocess, \
    InferenceStateSameProcess, InferenceStateSubprocess

import parso

_VersionInfo = namedtuple('VersionInfo', 'major minor micro')  # type: ignore[name-match]

_SUPPORTED_PYTHONS = ['3.12', '3.11', '3.10', '3.9', '3.8', '3.7', '3.6']
_SAFE_PATHS = ['/usr/bin', '/usr/local/bin']
_CONDA_VAR = 'CONDA_PREFIX'
_CURRENT_VERSION = '%s.%s' % (sys.version_info.major, sys.version_info.minor)


class InvalidPythonEnvironment(Exception):
    """
    If you see this exception, the Python executable or Virtualenv you have
    been trying to use is probably not a correct Python version.
    """


class _BaseEnvironment:
    @memoize_method
    def get_grammar(self):
        version_string = '%s.%s' % (self.version_info.major, self.version_info.minor)
        return parso.load_grammar(version=version_string)

    @property
    def _sha256(self):
        try:
            return self._hash
        except AttributeError:
            self._hash = _calculate_sha256_for_file(self.executable)
            return self._hash


def _get_info():
    return (
        sys.executable,
        sys.prefix,
        sys.version_info[:3],
    )


class Environment(_BaseEnvironment):
    """
    This class is supposed to be created by internal Jedi architecture. You
    should not create it directly. Please use create_environment or the other
    functions instead. It is then returned by that function.
    """
    _subprocess = None

    def __init__(self, executable, env_vars=None):
        self._start_executable = executable
        self._env_vars = env_vars
        # Initialize the environment
        self._get_subprocess()

    def _get_subprocess(self):
        if self._subprocess is not None and not self._subprocess.is_crashed:
            return self._subprocess

        try:
            self._subprocess = CompiledSubprocess(self._start_executable,
                                                  env_vars=self._env_vars)
            info = self._subprocess._send(None, _get_info)
        except Exception as exc:
            raise InvalidPythonEnvironment(
                "Could not get version information for %r: %r" % (
                    self._start_executable,
                    exc))

        # Since it could change and might not be the same(?) as the one given,
        # set it here.
        self.executable = info[0]
        """
        The Python executable, matches ``sys.executable``.
        """
        self.path = info[1]
        """
        The path to an environment, matches ``sys.prefix``.
        """
        self.version_info = _VersionInfo(*info[2])
        """
        Like :data:`sys.version_info`: a tuple to show the current
        Environment's Python version.
        """
        return self._subprocess

    def __repr__(self):
        version = '.'.join(str(i) for i in self.version_info)
        return '<%s: %s in %s>' % (self.__class__.__name__, version, self.path)

    def get_inference_state_subprocess(self, inference_state):
        return InferenceStateSubprocess(inference_state, self._get_subprocess())

    @memoize_method
    def get_sys_path(self):
        """
        The sys path for this environment. Does not include potential
        modifications from e.g. appending to :data:`sys.path`.

        :returns: list of str
        """
        # It's pretty much impossible to generate the sys path without actually
        # executing Python. The sys path (when starting with -S) itself depends
        # on how the Python version was compiled (ENV variables).
        # If you omit -S when starting Python (normal case), additionally
        # site.py gets executed.
        return self._get_subprocess().get_sys_path()


class _SameEnvironmentMixin:
    def __init__(self):
        self._start_executable = self.executable = sys.executable
        self.path = sys.prefix
        self.version_info = _VersionInfo(*sys.version_info[:3])
        self._env_vars = None


class SameEnvironment(_SameEnvironmentMixin, Environment):
    pass


class InterpreterEnvironment(_SameEnvironmentMixin, _BaseEnvironment):
    def get_inference_state_subprocess(self, inference_state):
        return InferenceStateSameProcess(inference_state)

    def get_sys_path(self):
        return sys.path


def _get_virtual_env_from_var(env_var='VIRTUAL_ENV'):
    """Get virtualenv environment from VIRTUAL_ENV environment variable.

    It uses `safe=False` with ``create_environment``, because the environment
    variable is considered to be safe / controlled by the user solely.
    """
    var = os.environ.get(env_var)
    if var:
        # Under macOS in some cases - notably when using Pipenv - the
        # sys.prefix of the virtualenv is /path/to/env/bin/.. instead of
        # /path/to/env so we need to fully resolve the paths in order to
        # compare them.
        if os.path.realpath(var) == os.path.realpath(sys.prefix):
            return _try_get_same_env()

        try:
            return create_environment(var, safe=False)
        except InvalidPythonEnvironment:
            pass


def _calculate_sha256_for_file(path):
    sha256 = hashlib.sha256()
    with open(path, 'rb') as f:
        for block in iter(lambda: f.read(filecmp.BUFSIZE), b''):
            sha256.update(block)
    return sha256.hexdigest()


def get_default_environment():
    """
    Tries to return an active Virtualenv or conda environment.
    If there is no VIRTUAL_ENV variable or no CONDA_PREFIX variable set
    set it will return the latest Python version installed on the system. This
    makes it possible to use as many new Python features as possible when using
    autocompletion and other functionality.

    :returns: :class:`.Environment`
    """
    virtual_env = _get_virtual_env_from_var()
    if virtual_env is not None:
        return virtual_env

    conda_env = _get_virtual_env_from_var(_CONDA_VAR)
    if conda_env is not None:
        return conda_env

    return _try_get_same_env()


def _try_get_same_env():
    env = SameEnvironment()
    if not os.path.basename(env.executable).lower().startswith('python'):
        # This tries to counter issues with embedding. In some cases (e.g.
        # VIM's Python Mac/Windows, sys.executable is /foo/bar/vim. This
        # happens, because for Mac a function called `_NSGetExecutablePath` is
        # used and for Windows `GetModuleFileNameW`. These are both platform
        # specific functions. For all other systems sys.executable should be
        # alright. However here we try to generalize:
        #
        # 1. Check if the executable looks like python (heuristic)
        # 2. In case it's not try to find the executable
        # 3. In case we don't find it use an interpreter environment.
        #
        # The last option will always work, but leads to potential crashes of
        # Jedi - which is ok, because it happens very rarely and even less,
        # because the code below should work for most cases.
        if os.name == 'nt':
            # The first case would be a virtualenv and the second a normal
            # Python installation.
            checks = (r'Scripts\python.exe', 'python.exe')
        else:
            # For unix it looks like Python is always in a bin folder.
            checks = (
                'bin/python%s.%s' % (sys.version_info[0], sys.version[1]),
                'bin/python%s' % (sys.version_info[0]),
                'bin/python',
            )
        for check in checks:
            guess = os.path.join(sys.exec_prefix, check)
            if os.path.isfile(guess):
                # Bingo - We think we have our Python.
                return Environment(guess)
        # It looks like there is no reasonable Python to be found.
        return InterpreterEnvironment()
    # If no virtualenv is found, use the environment we're already
    # using.
    return env


def get_cached_default_environment():
    var = os.environ.get('VIRTUAL_ENV') or os.environ.get(_CONDA_VAR)
    environment = _get_cached_default_environment()

    # Under macOS in some cases - notably when using Pipenv - the
    # sys.prefix of the virtualenv is /path/to/env/bin/.. instead of
    # /path/to/env so we need to fully resolve the paths in order to
    # compare them.
    if var and os.path.realpath(var) != os.path.realpath(environment.path):
        _get_cached_default_environment.clear_cache()
        return _get_cached_default_environment()
    return environment


@time_cache(seconds=10 * 60)  # 10 Minutes
def _get_cached_default_environment():
    try:
        return get_default_environment()
    except InvalidPythonEnvironment:
        # It's possible that `sys.executable` is wrong. Typically happens
        # when Jedi is used in an executable that embeds Python. For further
        # information, have a look at:
        # https://github.com/davidhalter/jedi/issues/1531
        return InterpreterEnvironment()


def find_virtualenvs(paths=None, *, safe=True, use_environment_vars=True):
    """
    :param paths: A list of paths in your file system to be scanned for
        Virtualenvs. It will search in these paths and potentially execute the
        Python binaries.
    :param safe: Default True. In case this is False, it will allow this
        function to execute potential `python` environments. An attacker might
        be able to drop an executable in a path this function is searching by
        default. If the executable has not been installed by root, it will not
        be executed.
    :param use_environment_vars: Default True. If True, the VIRTUAL_ENV
        variable will be checked if it contains a valid VirtualEnv.
        CONDA_PREFIX will be checked to see if it contains a valid conda
        environment.

    :yields: :class:`.Environment`
    """
    if paths is None:
        paths = []

    _used_paths = set()

    if use_environment_vars:
        # Using this variable should be safe, because attackers might be
        # able to drop files (via git) but not environment variables.
        virtual_env = _get_virtual_env_from_var()
        if virtual_env is not None:
            yield virtual_env
            _used_paths.add(virtual_env.path)

        conda_env = _get_virtual_env_from_var(_CONDA_VAR)
        if conda_env is not None:
            yield conda_env
            _used_paths.add(conda_env.path)

    for directory in paths:
        if not os.path.isdir(directory):
            continue

        directory = os.path.abspath(directory)
        for path in os.listdir(directory):
            path = os.path.join(directory, path)
            if path in _used_paths:
                # A path shouldn't be inferred twice.
                continue
            _used_paths.add(path)

            try:
                executable = _get_executable_path(path, safe=safe)
                yield Environment(executable)
            except InvalidPythonEnvironment:
                pass


def find_system_environments(*, env_vars=None):
    """
    Ignores virtualenvs and returns the Python versions that were installed on
    your system. This might return nothing, if you're running Python e.g. from
    a portable version.

    The environments are sorted from latest to oldest Python version.

    :yields: :class:`.Environment`
    """
    for version_string in _SUPPORTED_PYTHONS:
        try:
            yield get_system_environment(version_string, env_vars=env_vars)
        except InvalidPythonEnvironment:
            pass


# TODO: this function should probably return a list of environments since
# multiple Python installations can be found on a system for the same version.
def get_system_environment(version, *, env_vars=None):
    """
    Return the first Python environment found for a string of the form 'X.Y'
    where X and Y are the major and minor versions of Python.

    :raises: :exc:`.InvalidPythonEnvironment`
    :returns: :class:`.Environment`
    """
    exe = which('python' + version)
    if exe:
        if exe == sys.executable:
            return SameEnvironment()
        return Environment(exe)

    if os.name == 'nt':
        for exe in _get_executables_from_windows_registry(version):
            try:
                return Environment(exe, env_vars=env_vars)
            except InvalidPythonEnvironment:
                pass
    raise InvalidPythonEnvironment("Cannot find executable python%s." % version)


def create_environment(path, *, safe=True, env_vars=None):
    """
    Make it possible to manually create an Environment object by specifying a
    Virtualenv path or an executable path and optional environment variables.

    :raises: :exc:`.InvalidPythonEnvironment`
    :returns: :class:`.Environment`
    """
    if os.path.isfile(path):
        _assert_safe(path, safe)
        return Environment(path, env_vars=env_vars)
    return Environment(_get_executable_path(path, safe=safe), env_vars=env_vars)


def _get_executable_path(path, safe=True):
    """
    Returns None if it's not actually a virtual env.
    """

    if os.name == 'nt':
        python = os.path.join(path, 'Scripts', 'python.exe')
    else:
        python = os.path.join(path, 'bin', 'python')
    if not os.path.exists(python):
        raise InvalidPythonEnvironment("%s seems to be missing." % python)

    _assert_safe(python, safe)
    return python


def _get_executables_from_windows_registry(version):
    import winreg

    # TODO: support Python Anaconda.
    sub_keys = [
        r'SOFTWARE\Python\PythonCore\{version}\InstallPath',
        r'SOFTWARE\Wow6432Node\Python\PythonCore\{version}\InstallPath',
        r'SOFTWARE\Python\PythonCore\{version}-32\InstallPath',
        r'SOFTWARE\Wow6432Node\Python\PythonCore\{version}-32\InstallPath'
    ]
    for root_key in [winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE]:
        for sub_key in sub_keys:
            sub_key = sub_key.format(version=version)
            try:
                with winreg.OpenKey(root_key, sub_key) as key:
                    prefix = winreg.QueryValueEx(key, '')[0]
                    exe = os.path.join(prefix, 'python.exe')
                    if os.path.isfile(exe):
                        yield exe
            except WindowsError:
                pass


def _assert_safe(executable_path, safe):
    if safe and not _is_safe(executable_path):
        raise InvalidPythonEnvironment(
            "The python binary is potentially unsafe.")


def _is_safe(executable_path):
    # Resolve sym links. A venv typically is a symlink to a known Python
    # binary. Only virtualenvs copy symlinks around.
    real_path = os.path.realpath(executable_path)

    if _is_unix_safe_simple(real_path):
        return True

    # Just check the list of known Python versions. If it's not in there,
    # it's likely an attacker or some Python that was not properly
    # installed in the system.
    for environment in find_system_environments():
        if environment.executable == real_path:
            return True

        # If the versions don't match, just compare the binary files. If we
        # don't do that, only venvs will be working and not virtualenvs.
        # venvs are symlinks while virtualenvs are actual copies of the
        # Python files.
        # This still means that if the system Python is updated and the
        # virtualenv's Python is not (which is probably never going to get
        # upgraded), it will not work with Jedi. IMO that's fine, because
        # people should just be using venv. ~ dave
        if environment._sha256 == _calculate_sha256_for_file(real_path):
            return True
    return False


def _is_unix_safe_simple(real_path):
    if _is_unix_admin():
        # In case we are root, just be conservative and
        # only execute known paths.
        return any(real_path.startswith(p) for p in _SAFE_PATHS)

    uid = os.stat(real_path).st_uid
    # The interpreter needs to be owned by root. This means that it wasn't
    # written by a user and therefore attacking Jedi is not as simple.
    # The attack could look like the following:
    # 1. A user clones a repository.
    # 2. The repository has an innocent looking folder called foobar. jedi
    #    searches for the folder and executes foobar/bin/python --version if
    #    there's also a foobar/bin/activate.
    # 3. The attacker has gained code execution, since he controls
    #    foobar/bin/python.
    return uid == 0


def _is_unix_admin():
    try:
        return os.getuid() == 0
    except AttributeError:
        return False  # Windows
Commit	Line	Data
53e6db90 DC	1	"""
	2	Environments are a way to activate different Python versions or Virtualenvs for
	3	static analysis. The Python binary in that environment is going to be executed.
	4	"""
	5	import os
	6	import sys
	7	import hashlib
	8	import filecmp
	9	from collections import namedtuple
	10	from shutil import which
	11
	12	from jedi.cache import memoize_method, time_cache
	13	from jedi.inference.compiled.subprocess import CompiledSubprocess, \
	14	InferenceStateSameProcess, InferenceStateSubprocess
	15
	16	import parso
	17
	18	_VersionInfo = namedtuple('VersionInfo', 'major minor micro') # type: ignore[name-match]
	19
	20	_SUPPORTED_PYTHONS = ['3.12', '3.11', '3.10', '3.9', '3.8', '3.7', '3.6']
	21	_SAFE_PATHS = ['/usr/bin', '/usr/local/bin']
	22	_CONDA_VAR = 'CONDA_PREFIX'
	23	_CURRENT_VERSION = '%s.%s' % (sys.version_info.major, sys.version_info.minor)
	24
	25
	26	class InvalidPythonEnvironment(Exception):
	27	"""
	28	If you see this exception, the Python executable or Virtualenv you have
	29	been trying to use is probably not a correct Python version.
	30	"""
	31
	32
	33	class _BaseEnvironment:
	34	@memoize_method
	35	def get_grammar(self):
	36	version_string = '%s.%s' % (self.version_info.major, self.version_info.minor)
	37	return parso.load_grammar(version=version_string)
	38
	39	@property
	40	def _sha256(self):
	41	try:
	42	return self._hash
	43	except AttributeError:
	44	self._hash = _calculate_sha256_for_file(self.executable)
	45	return self._hash
	46
	47
	48	def _get_info():
	49	return (
	50	sys.executable,
	51	sys.prefix,
	52	sys.version_info[:3],
	53	)
	54
	55
	56	class Environment(_BaseEnvironment):
	57	"""
	58	This class is supposed to be created by internal Jedi architecture. You
	59	should not create it directly. Please use create_environment or the other
	60	functions instead. It is then returned by that function.
	61	"""
	62	_subprocess = None
	63
	64	def __init__(self, executable, env_vars=None):
65	self._start_executable = executable
66	self._env_vars = env_vars
67	# Initialize the environment
68	self._get_subprocess()
69
70	def _get_subprocess(self):
71	if self._subprocess is not None and not self._subprocess.is_crashed:
72	return self._subprocess
73
74	try:
75	self._subprocess = CompiledSubprocess(self._start_executable,
76	env_vars=self._env_vars)
77	info = self._subprocess._send(None, _get_info)
78	except Exception as exc:
79	raise InvalidPythonEnvironment(
80	"Could not get version information for %r: %r" % (
81	self._start_executable,
82	exc))
83
84	# Since it could change and might not be the same(?) as the one given,
85	# set it here.
86	self.executable = info[0]
87	"""
88	The Python executable, matches ``sys.executable``.
89	"""
90	self.path = info[1]
91	"""
92	The path to an environment, matches ``sys.prefix``.
93	"""
94	self.version_info = _VersionInfo(*info[2])
95	"""
96	Like :data:`sys.version_info`: a tuple to show the current
97	Environment's Python version.
98	"""
99	return self._subprocess
100
101	def __repr__(self):
102	version = '.'.join(str(i) for i in self.version_info)
103	return '<%s: %s in %s>' % (self.__class__.__name__, version, self.path)
104
105	def get_inference_state_subprocess(self, inference_state):
106	return InferenceStateSubprocess(inference_state, self._get_subprocess())
107
108	@memoize_method
109	def get_sys_path(self):
110	"""
111	The sys path for this environment. Does not include potential
112	modifications from e.g. appending to :data:`sys.path`.
113
114	:returns: list of str
115	"""
116	# It's pretty much impossible to generate the sys path without actually
117	# executing Python. The sys path (when starting with -S) itself depends
118	# on how the Python version was compiled (ENV variables).
119	# If you omit -S when starting Python (normal case), additionally
120	# site.py gets executed.
121	return self._get_subprocess().get_sys_path()
122
123
124	class _SameEnvironmentMixin:
125	def __init__(self):
126	self._start_executable = self.executable = sys.executable
127	self.path = sys.prefix
128	self.version_info = _VersionInfo(*sys.version_info[:3])
129	self._env_vars = None
130
131
132	class SameEnvironment(_SameEnvironmentMixin, Environment):
133	pass
134
135
136	class InterpreterEnvironment(_SameEnvironmentMixin, _BaseEnvironment):
137	def get_inference_state_subprocess(self, inference_state):
138	return InferenceStateSameProcess(inference_state)
139
140	def get_sys_path(self):
141	return sys.path
142
143
144	def _get_virtual_env_from_var(env_var='VIRTUAL_ENV'):
145	"""Get virtualenv environment from VIRTUAL_ENV environment variable.
146
147	It uses `safe=False` with ``create_environment``, because the environment
148	variable is considered to be safe / controlled by the user solely.
149	"""
150	var = os.environ.get(env_var)
151	if var:
152	# Under macOS in some cases - notably when using Pipenv - the
153	# sys.prefix of the virtualenv is /path/to/env/bin/.. instead of
154	# /path/to/env so we need to fully resolve the paths in order to
155	# compare them.
156	if os.path.realpath(var) == os.path.realpath(sys.prefix):
157	return _try_get_same_env()
158
159	try:
160	return create_environment(var, safe=False)
161	except InvalidPythonEnvironment:
162	pass
163
164
165	def _calculate_sha256_for_file(path):
166	sha256 = hashlib.sha256()
167	with open(path, 'rb') as f:
168	for block in iter(lambda: f.read(filecmp.BUFSIZE), b''):
169	sha256.update(block)
170	return sha256.hexdigest()
171
172
173	def get_default_environment():
174	"""
175	Tries to return an active Virtualenv or conda environment.
176	If there is no VIRTUAL_ENV variable or no CONDA_PREFIX variable set
177	set it will return the latest Python version installed on the system. This
178	makes it possible to use as many new Python features as possible when using
179	autocompletion and other functionality.
180
181	:returns: :class:`.Environment`
182	"""
183	virtual_env = _get_virtual_env_from_var()
184	if virtual_env is not None:
185	return virtual_env
186
187	conda_env = _get_virtual_env_from_var(_CONDA_VAR)
188	if conda_env is not None:
189	return conda_env
190
191	return _try_get_same_env()
192
193
194	def _try_get_same_env():
195	env = SameEnvironment()
196	if not os.path.basename(env.executable).lower().startswith('python'):
197	# This tries to counter issues with embedding. In some cases (e.g.
198	# VIM's Python Mac/Windows, sys.executable is /foo/bar/vim. This
199	# happens, because for Mac a function called `_NSGetExecutablePath` is
200	# used and for Windows `GetModuleFileNameW`. These are both platform
201	# specific functions. For all other systems sys.executable should be
202	# alright. However here we try to generalize:
203	#
204	# 1. Check if the executable looks like python (heuristic)
205	# 2. In case it's not try to find the executable
206	# 3. In case we don't find it use an interpreter environment.
207	#
208	# The last option will always work, but leads to potential crashes of
209	# Jedi - which is ok, because it happens very rarely and even less,
210	# because the code below should work for most cases.
211	if os.name == 'nt':
212	# The first case would be a virtualenv and the second a normal
213	# Python installation.
214	checks = (r'Scripts\python.exe', 'python.exe')
215	else:
216	# For unix it looks like Python is always in a bin folder.
217	checks = (
218	'bin/python%s.%s' % (sys.version_info[0], sys.version[1]),
219	'bin/python%s' % (sys.version_info[0]),
220	'bin/python',
221	)
222	for check in checks:
223	guess = os.path.join(sys.exec_prefix, check)
224	if os.path.isfile(guess):
225	# Bingo - We think we have our Python.
226	return Environment(guess)
227	# It looks like there is no reasonable Python to be found.
228	return InterpreterEnvironment()
229	# If no virtualenv is found, use the environment we're already
230	# using.
231	return env
232
233
234	def get_cached_default_environment():
235	var = os.environ.get('VIRTUAL_ENV') or os.environ.get(_CONDA_VAR)
236	environment = _get_cached_default_environment()
237
238	# Under macOS in some cases - notably when using Pipenv - the
239	# sys.prefix of the virtualenv is /path/to/env/bin/.. instead of
240	# /path/to/env so we need to fully resolve the paths in order to
241	# compare them.
242	if var and os.path.realpath(var) != os.path.realpath(environment.path):
243	_get_cached_default_environment.clear_cache()
244	return _get_cached_default_environment()
245	return environment
246
247
248	@time_cache(seconds=10 * 60) # 10 Minutes
249	def _get_cached_default_environment():
250	try:
251	return get_default_environment()
252	except InvalidPythonEnvironment:
253	# It's possible that `sys.executable` is wrong. Typically happens
254	# when Jedi is used in an executable that embeds Python. For further
255	# information, have a look at:
256	# https://github.com/davidhalter/jedi/issues/1531
257	return InterpreterEnvironment()
258
259
260	def find_virtualenvs(paths=None, *, safe=True, use_environment_vars=True):
261	"""
262	:param paths: A list of paths in your file system to be scanned for
263	Virtualenvs. It will search in these paths and potentially execute the
264	Python binaries.
265	:param safe: Default True. In case this is False, it will allow this
266	function to execute potential `python` environments. An attacker might
267	be able to drop an executable in a path this function is searching by
268	default. If the executable has not been installed by root, it will not
269	be executed.
270	:param use_environment_vars: Default True. If True, the VIRTUAL_ENV
271	variable will be checked if it contains a valid VirtualEnv.
272	CONDA_PREFIX will be checked to see if it contains a valid conda
273	environment.
274
275	:yields: :class:`.Environment`
276	"""
277	if paths is None:
278	paths = []
279
280	_used_paths = set()
281
282	if use_environment_vars:
283	# Using this variable should be safe, because attackers might be
284	# able to drop files (via git) but not environment variables.
285	virtual_env = _get_virtual_env_from_var()
286	if virtual_env is not None:
287	yield virtual_env
288	_used_paths.add(virtual_env.path)
289
290	conda_env = _get_virtual_env_from_var(_CONDA_VAR)
291	if conda_env is not None:
292	yield conda_env
293	_used_paths.add(conda_env.path)
294
295	for directory in paths:
296	if not os.path.isdir(directory):
297	continue
298
299	directory = os.path.abspath(directory)
300	for path in os.listdir(directory):
301	path = os.path.join(directory, path)
302	if path in _used_paths:
303	# A path shouldn't be inferred twice.
304	continue
305	_used_paths.add(path)
306
307	try:
308	executable = _get_executable_path(path, safe=safe)
309	yield Environment(executable)
310	except InvalidPythonEnvironment:
311	pass
312
313
314	def find_system_environments(*, env_vars=None):
315	"""
316	Ignores virtualenvs and returns the Python versions that were installed on
317	your system. This might return nothing, if you're running Python e.g. from
318	a portable version.
319
320	The environments are sorted from latest to oldest Python version.
321
322	:yields: :class:`.Environment`
323	"""
324	for version_string in _SUPPORTED_PYTHONS:
325	try:
326	yield get_system_environment(version_string, env_vars=env_vars)
327	except InvalidPythonEnvironment:
328	pass
329
330
331	# TODO: this function should probably return a list of environments since
332	# multiple Python installations can be found on a system for the same version.
333	def get_system_environment(version, *, env_vars=None):
334	"""
335	Return the first Python environment found for a string of the form 'X.Y'
336	where X and Y are the major and minor versions of Python.
337
338	:raises: :exc:`.InvalidPythonEnvironment`
339	:returns: :class:`.Environment`
340	"""
341	exe = which('python' + version)
342	if exe:
343	if exe == sys.executable:
344	return SameEnvironment()
345	return Environment(exe)
346
347	if os.name == 'nt':
348	for exe in _get_executables_from_windows_registry(version):
349	try:
350	return Environment(exe, env_vars=env_vars)
351	except InvalidPythonEnvironment:
352	pass
353	raise InvalidPythonEnvironment("Cannot find executable python%s." % version)
354
355
356	def create_environment(path, *, safe=True, env_vars=None):
357	"""
358	Make it possible to manually create an Environment object by specifying a
359	Virtualenv path or an executable path and optional environment variables.
360
361	:raises: :exc:`.InvalidPythonEnvironment`
362	:returns: :class:`.Environment`
363	"""
364	if os.path.isfile(path):
365	_assert_safe(path, safe)
366	return Environment(path, env_vars=env_vars)
367	return Environment(_get_executable_path(path, safe=safe), env_vars=env_vars)
368
369
370	def _get_executable_path(path, safe=True):
371	"""
372	Returns None if it's not actually a virtual env.
373	"""
374
375	if os.name == 'nt':
376	python = os.path.join(path, 'Scripts', 'python.exe')
377	else:
378	python = os.path.join(path, 'bin', 'python')
379	if not os.path.exists(python):
380	raise InvalidPythonEnvironment("%s seems to be missing." % python)
381
382	_assert_safe(python, safe)
383	return python
384
385
386	def _get_executables_from_windows_registry(version):
387	import winreg
388
389	# TODO: support Python Anaconda.
390	sub_keys = [
391	r'SOFTWARE\Python\PythonCore\{version}\InstallPath',
392	r'SOFTWARE\Wow6432Node\Python\PythonCore\{version}\InstallPath',
393	r'SOFTWARE\Python\PythonCore\{version}-32\InstallPath',
394	r'SOFTWARE\Wow6432Node\Python\PythonCore\{version}-32\InstallPath'
395	]
396	for root_key in [winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE]:
397	for sub_key in sub_keys:
398	sub_key = sub_key.format(version=version)
399	try:
400	with winreg.OpenKey(root_key, sub_key) as key:
401	prefix = winreg.QueryValueEx(key, '')[0]
402	exe = os.path.join(prefix, 'python.exe')
403	if os.path.isfile(exe):
404	yield exe
405	except WindowsError:
406	pass
407
408
409	def _assert_safe(executable_path, safe):
410	if safe and not _is_safe(executable_path):
411	raise InvalidPythonEnvironment(
412	"The python binary is potentially unsafe.")
413
414
415	def _is_safe(executable_path):
416	# Resolve sym links. A venv typically is a symlink to a known Python
417	# binary. Only virtualenvs copy symlinks around.
418	real_path = os.path.realpath(executable_path)
419
420	if _is_unix_safe_simple(real_path):
421	return True
422
423	# Just check the list of known Python versions. If it's not in there,
424	# it's likely an attacker or some Python that was not properly
425	# installed in the system.
426	for environment in find_system_environments():
427	if environment.executable == real_path:
428	return True
429
430	# If the versions don't match, just compare the binary files. If we
431	# don't do that, only venvs will be working and not virtualenvs.
432	# venvs are symlinks while virtualenvs are actual copies of the
433	# Python files.
434	# This still means that if the system Python is updated and the
435	# virtualenv's Python is not (which is probably never going to get
436	# upgraded), it will not work with Jedi. IMO that's fine, because
437	# people should just be using venv. ~ dave
438	if environment._sha256 == _calculate_sha256_for_file(real_path):
439	return True
440	return False
441
442
443	def _is_unix_safe_simple(real_path):
444	if _is_unix_admin():
445	# In case we are root, just be conservative and
446	# only execute known paths.
447	return any(real_path.startswith(p) for p in _SAFE_PATHS)
448
449	uid = os.stat(real_path).st_uid
450	# The interpreter needs to be owned by root. This means that it wasn't
451	# written by a user and therefore attacking Jedi is not as simple.
452	# The attack could look like the following:
453	# 1. A user clones a repository.
454	# 2. The repository has an innocent looking folder called foobar. jedi
455	# searches for the folder and executes foobar/bin/python --version if
456	# there's also a foobar/bin/activate.
457	# 3. The attacker has gained code execution, since he controls
458	# foobar/bin/python.
459	return uid == 0
460
461
462	def _is_unix_admin():
463	try:
464	return os.getuid() == 0
465	except AttributeError:
466	return False # Windows