From b2847255769f7e40fa757c830020cb2daad7860d Mon Sep 17 00:00:00 2001
From: "Jason R. Coombs" <jaraco@jaraco.com>
Date: Wed, 27 May 2015 18:40:01 -0400
Subject: Disallow path separators in script names. Fixes #390

---
 setuptools/command/easy_install.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'setuptools/command/easy_install.py')

diff --git a/setuptools/command/easy_install.py b/setuptools/command/easy_install.py
index 2c127126..1b32b1c8 100755
--- a/setuptools/command/easy_install.py
+++ b/setuptools/command/easy_install.py
@@ -2024,11 +2024,21 @@ class ScriptWriter(object):
         for type_ in 'console', 'gui':
             group = type_ + '_scripts'
             for name, ep in dist.get_entry_map(group).items():
+                cls._ensure_safe_name(name)
                 script_text = cls.template % locals()
                 args = cls._get_script_args(type_, name, header, script_text)
                 for res in args:
                     yield res
 
+    @staticmethod
+    def _ensure_safe_name(name):
+        """
+        Prevent paths in *_scripts entry point names.
+        """
+        has_path_sep = re.search(r'[\\/]', name)
+        if has_path_sep:
+            raise ValueError("Path separators not allowed in script names")
+
     @classmethod
     def get_writer(cls, force_windows):
         # for backward compatibility
-- 
cgit v1.2.1