bitbake: hig.py: use module tempfile to create temp file

I am sorry that use os.tmpname which casue a security warning. Follow Darren's suggestion to use tempfile.NamedTemporaryFile instead. (Bitbake rev: fe514a130579302312f68821536d108c8ceb4363) Signed-off-by: Kang Kai <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-05-09 05:29:32 +00:00 · 2012-06-25 16:47:36 +08:00
parent 72f04e760d
commit b224ed2065
1 changed files with 8 additions and 12 deletions
@@ -28,6 +28,7 @@ import os
 import re
 import shlex
 import subprocess
+import tempfile
 from bb.ui.crumbs.hobcolor import HobColors
 from bb.ui.crumbs.hobwidget import hcc, hic, HobViewTable, HobInfoButton, HobButton, HobAltButton, HobIconChecker
 from bb.ui.crumbs.progressbar import HobProgressBar
@@ -869,21 +870,16 @@ class DeployImageDialog (CrumbsDialog):
            if combo_item and combo_item != self.__dummy_usb__ and self.image_path:
                cmdline = bb.ui.crumbs.utils.which_terminal()
                if cmdline:
-                    tmpname = os.tmpnam()
+                    tmpfile = tempfile.NamedTemporaryFile()
                    cmdline += "\"sudo dd if=" + self.image_path + \
-                                " of=" + combo_item + "; echo $? > " + tmpname + "\""
+                                " of=" + combo_item + "; echo $? > " + tmpfile.name + "\""
                    subprocess.call(shlex.split(cmdline))

-                    # if file tmpname not exists, that means there is something wrong with xterm
-                    # user can get the error message from xterm so no more warning need.
-                    if os.path.exists(tmpname):
-                        tmpfile = open(tmpname)
-                        if int(tmpfile.readline().strip()) == 0:
-                            lbl = "<b>Deploy image successfully.</b>"
-                        else:
-                            lbl = "<b>Failed to deploy image.</b>\nPlease check image <b>%s</b> exists and USB device <b>%s</b> is writable." % (self.image_path, combo_item)
-                        tmpfile.close()
-                        os.remove(tmpname)
+                    if int(tmpfile.readline().strip()) == 0:
+                        lbl = "<b>Deploy image successfully.</b>"
+                    else:
+                        lbl = "<b>Failed to deploy image.</b>\nPlease check image <b>%s</b> exists and USB device <b>%s</b> is writable." % (self.image_path, combo_item)
+                    tmpfile.close()
            else:
                if not self.image_path:
                    lbl = "<b>No selection made.</b>\nYou have not selected an image to deploy."