From: Matti Picus <matti.picus@gmail.com>
Date: Sun, 2 May 2021 10:57:58 -0400
Subject: Stdlib: Remove the pydoc getfile feature (bpo 42988) (CVE-2021-3426)

Bug-cPython: https://bugs.python.org/issue42988
Origin: upstream, https://foss.heptapod.net/pypy/pypy/-/commit/f66a96388f8a0ba125005d5d524a31dfd3878a18
---
 lib-python/3/pydoc.py           | 18 ------------------
 lib-python/3/test/test_pydoc.py |  6 ------
 2 files changed, 24 deletions(-)

diff --git a/lib-python/3/pydoc.py b/lib-python/3/pydoc.py
index 978e4cd..9677c0d 100644
--- a/lib-python/3/pydoc.py
+++ b/lib-python/3/pydoc.py
@@ -2348,9 +2348,6 @@ def _url_handler(url, content_type="text/html"):
 %s</head><body bgcolor="#f0f0f8">%s<div style="clear:both;padding-top:.5em;">%s</div>
 </body></html>''' % (title, css_link, html_navbar(), contents)
 
-        def filelink(self, url, path):
-            return '<a href="getfile?key=%s">%s</a>' % (url, path)
-
 
     html = _HTMLDoc()
 
@@ -2436,19 +2433,6 @@ def _url_handler(url, content_type="text/html"):
             'key = %s' % key, '#ffffff', '#ee77aa', '<br>'.join(results))
         return 'Search Results', contents
 
-    def html_getfile(path):
-        """Get and display a source file listing safely."""
-        path = urllib.parse.unquote(path)
-        with tokenize.open(path) as fp:
-            lines = html.escape(fp.read())
-        body = '<pre>%s</pre>' % lines
-        heading = html.heading(
-            '<big><big><strong>File Listing</strong></big></big>',
-            '#ffffff', '#7799ee')
-        contents = heading + html.bigsection(
-            'File: %s' % path, '#ffffff', '#ee77aa', body)
-        return 'getfile %s' % path, contents
-
     def html_topics():
         """Index of topic texts available."""
 
@@ -2540,8 +2524,6 @@ def _url_handler(url, content_type="text/html"):
                 op, _, url = url.partition('=')
                 if op == "search?key":
                     title, content = html_search(url)
-                elif op == "getfile?key":
-                    title, content = html_getfile(url)
                 elif op == "topic?key":
                     # try topics first, then objects.
                     try:
diff --git a/lib-python/3/test/test_pydoc.py b/lib-python/3/test/test_pydoc.py
index b47bb13..1e94b43 100644
--- a/lib-python/3/test/test_pydoc.py
+++ b/lib-python/3/test/test_pydoc.py
@@ -1067,18 +1067,12 @@ class PydocUrlHandlerTest(PydocBaseTest):
             ("topic?key=def", "Pydoc: KEYWORD def"),
             ("topic?key=STRINGS", "Pydoc: TOPIC STRINGS"),
             ("foobar", "Pydoc: Error - foobar"),
-            ("getfile?key=foobar", "Pydoc: Error - getfile?key=foobar"),
             ]
 
         with self.restrict_walk_packages():
             for url, title in requests:
                 self.call_url_handler(url, title)
 
-            path = string.__file__
-            title = "Pydoc: getfile " + path
-            url = "getfile?key=" + path
-            self.call_url_handler(url, title)
-
 
 class TestHelper(unittest.TestCase):
     def test_keywords(self):
