diff options
| author | Kang Kai <kai.kang@windriver.com> | 2012-06-25 16:47:36 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2012-06-25 14:57:17 +0100 |
| commit | b224ed20653f0596ce9e29ff3a9728e770e6d0b2 (patch) | |
| tree | d8943b4d6b1ae23ff16b68db797edad816dc1cdf | |
| parent | 72f04e760d99d6be99a82d8fd0efc0a136da3e7a (diff) | |
| download | poky-b224ed20653f0596ce9e29ff3a9728e770e6d0b2.tar.gz | |
bitbake: hig.py: use module tempfile to create temp file
I am sorry that use os.tmpname which casue a security warning.
Follow Darren's suggestion to use tempfile.NamedTemporaryFile instead.
(Bitbake rev: fe514a130579302312f68821536d108c8ceb4363)
Signed-off-by: Kang Kai <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | bitbake/lib/bb/ui/crumbs/hig.py | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/bitbake/lib/bb/ui/crumbs/hig.py b/bitbake/lib/bb/ui/crumbs/hig.py index b586b6c274..2001ff424f 100644 --- a/bitbake/lib/bb/ui/crumbs/hig.py +++ b/bitbake/lib/bb/ui/crumbs/hig.py | |||
| @@ -28,6 +28,7 @@ import os | |||
| 28 | import re | 28 | import re |
| 29 | import shlex | 29 | import shlex |
| 30 | import subprocess | 30 | import subprocess |
| 31 | import tempfile | ||
| 31 | from bb.ui.crumbs.hobcolor import HobColors | 32 | from bb.ui.crumbs.hobcolor import HobColors |
| 32 | from bb.ui.crumbs.hobwidget import hcc, hic, HobViewTable, HobInfoButton, HobButton, HobAltButton, HobIconChecker | 33 | from bb.ui.crumbs.hobwidget import hcc, hic, HobViewTable, HobInfoButton, HobButton, HobAltButton, HobIconChecker |
| 33 | from bb.ui.crumbs.progressbar import HobProgressBar | 34 | from bb.ui.crumbs.progressbar import HobProgressBar |
| @@ -869,21 +870,16 @@ class DeployImageDialog (CrumbsDialog): | |||
| 869 | if combo_item and combo_item != self.__dummy_usb__ and self.image_path: | 870 | if combo_item and combo_item != self.__dummy_usb__ and self.image_path: |
| 870 | cmdline = bb.ui.crumbs.utils.which_terminal() | 871 | cmdline = bb.ui.crumbs.utils.which_terminal() |
| 871 | if cmdline: | 872 | if cmdline: |
| 872 | tmpname = os.tmpnam() | 873 | tmpfile = tempfile.NamedTemporaryFile() |
| 873 | cmdline += "\"sudo dd if=" + self.image_path + \ | 874 | cmdline += "\"sudo dd if=" + self.image_path + \ |
| 874 | " of=" + combo_item + "; echo $? > " + tmpname + "\"" | 875 | " of=" + combo_item + "; echo $? > " + tmpfile.name + "\"" |
| 875 | subprocess.call(shlex.split(cmdline)) | 876 | subprocess.call(shlex.split(cmdline)) |
| 876 | 877 | ||
| 877 | # if file tmpname not exists, that means there is something wrong with xterm | 878 | if int(tmpfile.readline().strip()) == 0: |
| 878 | # user can get the error message from xterm so no more warning need. | 879 | lbl = "<b>Deploy image successfully.</b>" |
| 879 | if os.path.exists(tmpname): | 880 | else: |
| 880 | tmpfile = open(tmpname) | 881 | lbl = "<b>Failed to deploy image.</b>\nPlease check image <b>%s</b> exists and USB device <b>%s</b> is writable." % (self.image_path, combo_item) |
| 881 | if int(tmpfile.readline().strip()) == 0: | 882 | tmpfile.close() |
| 882 | lbl = "<b>Deploy image successfully.</b>" | ||
| 883 | else: | ||
| 884 | lbl = "<b>Failed to deploy image.</b>\nPlease check image <b>%s</b> exists and USB device <b>%s</b> is writable." % (self.image_path, combo_item) | ||
| 885 | tmpfile.close() | ||
| 886 | os.remove(tmpname) | ||
| 887 | else: | 883 | else: |
| 888 | if not self.image_path: | 884 | if not self.image_path: |
| 889 | lbl = "<b>No selection made.</b>\nYou have not selected an image to deploy." | 885 | lbl = "<b>No selection made.</b>\nYou have not selected an image to deploy." |