1
0

b/c...py: secure input and output files

Do not use environmental variables `INPUT_FILE` and `OUTPUT_FILE`
This commit is contained in:
Intel A80486DX2-66 2024-08-26 22:44:58 +03:00
parent 0ab521e2ca
commit c2d29a2d0f
Signed by: 80486DX2-66
GPG Key ID: 83631EF27054609B

View File

@ -5,7 +5,7 @@ if __name__ == "__main__":
from argparse import ArgumentParser
from os import environ, makedirs, name as os_name, rename
from os.path import basename, exists, join as path_join
from os.path import exists, join as path_join
from shlex import join as command_line_join, split as command_line_split
from shutil import which
from sys import stdin, stdout
@ -47,9 +47,7 @@ DEFAULT_PARAMETERS = {
"CC": "cc",
"CFLAGS": "-Ofast -march=native -mtune=native -Wall -Wextra -Wpedantic "
"-pedantic -Wno-unused-variable -Wno-unused-but-set-variable "
"-Wno-dangling-else -Wno-parentheses -std=c99",
"INPUT_FILE": PATHS["substitute_kept"],
"OUTPUT_FILE": PATHS["output_kept"]
"-Wno-dangling-else -Wno-parentheses -std=c99"
}
stdout_atty = hasattr(stdout, "isatty") and stdout.isatty()
@ -112,8 +110,6 @@ if os_name == "nt":
]
CFLAGS = fetch("CFLAGS")
INPUT_FILE = fetch("INPUT_FILE")
OUTPUT_FILE = fetch("OUTPUT_FILE")
if extra := fetch("CFLAGS_EXTRA"):
CFLAGS += " " + extra
@ -144,8 +140,8 @@ if __name__ == "__main__":
parser = ArgumentParser(description=\
"Substitutes supplied C (non-JavaScript!) bytebeat into the template, "
"then attempts to compile the instance of the template. Accepts "
"environmental variables `CC`, `CFLAGS`, `INPUT_FILE`, `OUTPUT_FILE`. "
"`CFLAGS_EXTRA` can be used to add to default `CFLAGS`.")
"environmental variables `CC`, `CFLAGS`. `CFLAGS_EXTRA` can be used to "
"add to default `CFLAGS`.")
parser.add_argument("file", type=str,
help="bytebeat formula file (use `-` to read from stdin)")
parser.add_argument("-o", "--output", default="output.wav", type=str,
@ -351,9 +347,9 @@ if __name__ == "__main__":
"CC.")
with TemporaryDirectory() as tmpdirname:
temporary_path = lambda path: path_join(tmpdirname, basename(path))
temporary_path = lambda path: path_join(tmpdirname, path)
substitute_temp = temporary_path(INPUT_FILE)
substitute_temp = temporary_path(PATHS["substitute"])
rewrite_file(substitute_temp, substitute_vars({
"bytebeat_contents": bytebeat_contents,
"output_file": C_str_repr(args.output),
@ -384,7 +380,7 @@ if __name__ == "__main__":
# Compile
print("Compiling")
output_file_temp = temporary_path(OUTPUT_FILE)
output_file_temp = temporary_path(PATHS["output"])
run_command(
CC,
@ -399,5 +395,5 @@ if __name__ == "__main__":
if args.keep_files:
makedirs(PATHS["bin_dir"], exist_ok=True)
rename(substitute_temp, INPUT_FILE)
rename(output_file_temp, OUTPUT_FILE)
rename(substitute_temp, PATHS["substitute_kept"])
rename(output_file_temp, PATHS["output_kept"])