fix: cleanup PyPI package temp directory and prevent leaks by behnazh-w · Pull Request #1404 · oracle/macaron

behnazh-w · 2026-05-07T04:24:07Z

Summary

Fix PyPI package temp directory cleanup leaks during malware/source analysis.

Strip the single top-level sdist archive directory during extraction, so package contents are extracted directly into the mkdtemp root.
Ensure source and wheel context managers clean up temp directories even when analysis raises.
Use the sourcecode context manager in TypeStubFileAnalyzer instead of calling download_sourcecode() directly.
Add relevant unit tests for cleanup after extraction.

Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>

oracle-contributor-agreement Bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label May 7, 2026

behnazh-w force-pushed the behnazh/fix-bug-pypi-downloads branch 3 times, most recently from 35738ae to 6910a2d Compare May 11, 2026 08:23

fix: cleanup PyPI package temp directory and prevent leaks

90aa33f

Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>

behnazh-w force-pushed the behnazh/fix-bug-pypi-downloads branch from 6910a2d to 90aa33f Compare May 11, 2026 11:28

behnazh-w requested a review from art1f1c3R May 11, 2026 11:29

behnazh-w marked this pull request as ready for review May 11, 2026 11:29