mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-01 13:09:50 +00:00
Code Issues Projects Releases Wiki Activity

bitbake: hig.py: use module tempfile to create temp file

Browse Source 
I am sorry that use os.tmpname which casue a security warning.
Follow Darren's suggestion to use tempfile.NamedTemporaryFile instead.

(Bitbake rev: fe514a130579302312f68821536d108c8ceb4363)

Signed-off-by: Kang Kai <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Kang Kai
2012-06-25 16:47:36 +08:00
committed by Richard Purdie
parent 72f04e760d
commit b224ed2065
1 changed files with 8 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bitbake/lib/bb/ui/crumbs/hig.py
+8 -12
View File
@@ -28,6 +28,7 @@ import os
import re import re
import shlex import shlex
import subprocess import subprocess
import tempfile
from bb.ui.crumbs.hobcolor import HobColors from bb.ui.crumbs.hobcolor import HobColors
from bb.ui.crumbs.hobwidget import hcc, hic, HobViewTable, HobInfoButton, HobButton, HobAltButton, HobIconChecker from bb.ui.crumbs.hobwidget import hcc, hic, HobViewTable, HobInfoButton, HobButton, HobAltButton, HobIconChecker
from bb.ui.crumbs.progressbar import HobProgressBar from bb.ui.crumbs.progressbar import HobProgressBar
@@ -869,21 +870,16 @@ class DeployImageDialog (CrumbsDialog):
if combo_item and combo_item != self.__dummy_usb__ and self.image_path: if combo_item and combo_item != self.__dummy_usb__ and self.image_path:
cmdline = bb.ui.crumbs.utils.which_terminal() cmdline = bb.ui.crumbs.utils.which_terminal()
if cmdline: if cmdline:
tmpname = os.tmpnam() tmpfile = tempfile.NamedTemporaryFile()
cmdline += "\"sudo dd if=" + self.image_path + \ cmdline += "\"sudo dd if=" + self.image_path + \
" of=" + combo_item + "; echo $? > " + tmpname + "\"" " of=" + combo_item + "; echo $? > " + tmpfile.name + "\""
subprocess.call(shlex.split(cmdline)) subprocess.call(shlex.split(cmdline))
# if file tmpname not exists, that means there is something wrong with xterm if int(tmpfile.readline().strip()) == 0:
# user can get the error message from xterm so no more warning need. lbl = "<b>Deploy image successfully.</b>"
if os.path.exists(tmpname): else:
tmpfile = open(tmpname) lbl = "<b>Failed to deploy image.</b>\nPlease check image <b>%s</b> exists and USB device <b>%s</b> is writable." % (self.image_path, combo_item)
if int(tmpfile.readline().strip()) == 0: tmpfile.close()
lbl = "<b>Deploy image successfully.</b>"
else:
lbl = "<b>Failed to deploy image.</b>\nPlease check image <b>%s</b> exists and USB device <b>%s</b> is writable." % (self.image_path, combo_item)
tmpfile.close()
os.remove(tmpname)
else: else:
if not self.image_path: if not self.image_path:
lbl = "<b>No selection made.</b>\nYou have not selected an image to deploy." lbl = "<b>No selection made.</b>\nYou have not selected an image to deploy."