config.py: Modifies import strategy for config parser

On systems which had dev-python/configparser installed (a package
to add support for the py3.x configparser class in py2.x)
webapp-config would make use of that class instead of py2.x's built
in ConfigParser class. This would lead to improper interpolation of
configuration variables that follow the syntax "${<var>}". This
dangerous behavior could (and has) lead to webapp-config installing
a webapp to the root filesystem of a host. This danger has been
avoided by modifying the import strategy for the config parser we're
using so that we force import the ConfigParser class if using py2.x.

X-Gentoo-Bug: 528752
X-Gentoo-Bug-URL: https://bugs.gentoo.org/528752

1 files changed, 4 insertions, 7 deletions

diff --git a/WebappConfig/config.py b/WebappConfig/config.py
index cdae149..c87b93b 100644
--- a/WebappConfig/config.py
+++ b/WebappConfig/config.py
@@ -21,15 +21,12 @@
 
 import sys, os, os.path, re, socket, time
 
-try:
+if sys.hexversion >= 0x3000000:
     # Python 3
     import configparser
-    if sys.version_info >= (3, 2):
-        from configparser import ConfigParser as configparser_ConfigParser
-        from configparser import ExtendedInterpolation
-    else:
-        from configparser import SafeConfigParser as configparser_ConfigParser
-except ImportError:
+    from configparser import ConfigParser as configparser_ConfigParser
+    from configparser import ExtendedInterpolation
+else:
     # Python 2
     import ConfigParser as configparser
     from ConfigParser import SafeConfigParser as configparser_ConfigParser