django.git/tests/utils_tests/test_os_utils.py, branch main

Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions on file system object creation.

2026-03-03T12:09:32Z

This fix introduces `safe_makedirs()` in the `os` utils as a safer alternative to `os.makedirs()` that avoids umask-related race conditions in multi-threaded environments. This is a workaround for https://github.com/python/cpython/issues/86533 and the solution is based on the fix being proposed for CPython. Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Zackery Spytz Refs CVE-2020-24583 and #31921. Thanks Tarek Nakkouch for the report, and Jake Howard, Jacob Walls, and Shai Berger for reviews.

Refs #33476 -- Reformatted code with Black.

2022-02-07T19:37:05Z

Refs #30461 -- Added django.utils._os.to_path().

2019-08-13T15:17:39Z

Removed redundant numbered parameters from str.format().

2014-12-03T19:27:38Z

Since Python 2.7 and 3.1, "{0} {1}" is equivalent to "{} {}".

Raised SuspiciousFileOperation in safe_join.

2014-11-11T18:05:14Z

Added a test for the condition safe_join is designed to prevent. Previously, a generic ValueError was raised. It was impossible to tell an intentional exception raised to implement safe_join's contract from an unintentional exception caused by incorrect inputs or unexpected conditions. That resulted in bizarre exception catching patterns, which this patch removes. Since safe_join is a private API and since the change is unlikely to create security issues for users who use it anyway -- at worst, an uncaught SuspiciousFileOperation exception will bubble up -- it isn't documented.

Stopped using django.utils.unittest in the test suite.

2013-07-01T12:29:33Z

Refs #20680.

Modified utils_tests for unittest2 discovery.

2013-04-12T21:31:58Z