Avoid in-place Python code execution

pavoljuhas · pavoljuhas · commit b6f1c96dc665 · 2025-09-24T15:22:13.000-07:00
Address https://github.com/quantumlib/Cirq/security/code-scanning/645
diff --git a/dev_tools/modules_test_data/mod1/setup.py b/dev_tools/modules_test_data/mod1/setup.py
@@ -1,8 +1,10 @@
+# pylint: disable=wrong-or-nonexistent-copyright-notice
+
+import runpy
+
 from setuptools import find_packages, setup
 
-# This reads the __version__ variable from cirq/_version.py
-__version__ = ''
-exec(open('pack1/_version.py').read())
+__version__ = runpy.run_path('pack1/_version.py')['__version__']
 
 name = 'module1'
 
diff --git a/dev_tools/modules_test_data/mod2/setup.py b/dev_tools/modules_test_data/mod2/setup.py
@@ -1,10 +1,11 @@
-from setuptools import setup
+# pylint: disable=wrong-or-nonexistent-copyright-notice
 
-name = 'module2'
+import runpy
 
-__version__ = ''
+from setuptools import setup
 
+name = 'module2'
 
-exec(open('pack2/_version.py').read())
+__version__ = runpy.run_path('pack2/_version.py')['__version__']
 
 setup(name=name, version=__version__, packages=['pack2'])
diff --git a/dev_tools/modules_test_data/setup.py b/dev_tools/modules_test_data/setup.py
@@ -1,9 +1,11 @@
+# pylint: disable=wrong-or-nonexistent-copyright-notice
+
+import runpy
+
 from setuptools import setup
 
 name = 'parent-module'
 
-__version__ = ''
-
-exec(open('mod1/pack1/_version.py').read())
+__version__ = runpy.run_path('mod1/pack1/_version.py')['__version__']
 
 setup(name=name, version=__version__, requirements=[])
