From b224ed20653f0596ce9e29ff3a9728e770e6d0b2 Mon Sep 17 00:00:00 2001 From: Kang Kai Date: Mon, 25 Jun 2012 16:47:36 +0800 Subject: bitbake: hig.py: use module tempfile to create temp file I am sorry that use os.tmpname which casue a security warning. Follow Darren's suggestion to use tempfile.NamedTemporaryFile instead. (Bitbake rev: fe514a130579302312f68821536d108c8ceb4363) Signed-off-by: Kang Kai Signed-off-by: Richard Purdie --- bitbake/lib/bb/ui/crumbs/hig.py | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) (limited to 'bitbake') diff --git a/bitbake/lib/bb/ui/crumbs/hig.py b/bitbake/lib/bb/ui/crumbs/hig.py index b586b6c274..2001ff424f 100644 --- a/bitbake/lib/bb/ui/crumbs/hig.py +++ b/bitbake/lib/bb/ui/crumbs/hig.py @@ -28,6 +28,7 @@ import os import re import shlex import subprocess +import tempfile from bb.ui.crumbs.hobcolor import HobColors from bb.ui.crumbs.hobwidget import hcc, hic, HobViewTable, HobInfoButton, HobButton, HobAltButton, HobIconChecker from bb.ui.crumbs.progressbar import HobProgressBar @@ -869,21 +870,16 @@ class DeployImageDialog (CrumbsDialog): if combo_item and combo_item != self.__dummy_usb__ and self.image_path: cmdline = bb.ui.crumbs.utils.which_terminal() if cmdline: - tmpname = os.tmpnam() + tmpfile = tempfile.NamedTemporaryFile() cmdline += "\"sudo dd if=" + self.image_path + \ - " of=" + combo_item + "; echo $? > " + tmpname + "\"" + " of=" + combo_item + "; echo $? > " + tmpfile.name + "\"" subprocess.call(shlex.split(cmdline)) - # if file tmpname not exists, that means there is something wrong with xterm - # user can get the error message from xterm so no more warning need. - if os.path.exists(tmpname): - tmpfile = open(tmpname) - if int(tmpfile.readline().strip()) == 0: - lbl = "Deploy image successfully." - else: - lbl = "Failed to deploy image.\nPlease check image %s exists and USB device %s is writable." % (self.image_path, combo_item) - tmpfile.close() - os.remove(tmpname) + if int(tmpfile.readline().strip()) == 0: + lbl = "Deploy image successfully." + else: + lbl = "Failed to deploy image.\nPlease check image %s exists and USB device %s is writable." % (self.image_path, combo_item) + tmpfile.close() else: if not self.image_path: lbl = "No selection made.\nYou have not selected an image to deploy." -- cgit v1.2.3-54-g00ecf