blumia/dde-application-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 修改了process.start函数参数的问题

Browse Source 
修改了将参数以字符串拼接形式传入process.start中的问题,避免了命令注入。

Log: 修改了process.start函数参数的问题
This commit is contained in:
York Lee 2023-04-14 09:27:47 +08:00 committed by deepin-bot[bot]
parent e68eba8c1f
commit 94aa8b835e
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/modules/launcher/launcher.cpp
View File

@ -807,7 +807,8 @@ Categorytype Launcher::getXCategory(const Item *item)
QString Launcher::queryPkgNameWithDpkg(const QString &itemPath) QString Launcher::queryPkgNameWithDpkg(const QString &itemPath)
{ {
QProcess process; QProcess process;
process.start("dpkg -S " + itemPath); QStringList args {"-S", itemPath};
process.start("dpkg", args);
if (!process.waitForFinished()) if (!process.waitForFinished())
return QString(); return QString();
@ -845,12 +846,14 @@ QString Launcher::queryPkgName(const QString &itemID, const QString &itemPath)
// dpkg命令检查通过路径匹配的包是否存在 // dpkg命令检查通过路径匹配的包是否存在
QString pkgName(result[1].str().c_str()); QString pkgName(result[1].str().c_str());
QProcess process; QProcess process;
process.start("dpkg -s " + pkgName); QStringList args0 {"-s", pkgName};
process.start("dpkg", args0);
if (process.waitForFinished()) if (process.waitForFinished())
return pkgName; return pkgName;
// 当包不存在则使用dpkg -S来查找包 // 当包不存在则使用dpkg -S来查找包
process.start("dpkg -S" + pkgName); QStringList args1 {"-S", pkgName};
process.start("dpkg", args1);
if (!process.waitForFinished()) if (!process.waitForFinished())
return QString(); return QString();
@ -1062,7 +1065,8 @@ void Launcher::uninstallFlatpak(DesktopInfo &info, const Item &item)
QString ref = QString("app/%1/%2/%3").arg(flat.name.c_str()).arg(flat.arch.c_str()).arg(flat.branch.c_str()); QString ref = QString("app/%1/%2/%3").arg(flat.name.c_str()).arg(flat.arch.c_str()).arg(flat.branch.c_str());
qInfo() << "uninstall flatpak ref= " << ref; qInfo() << "uninstall flatpak ref= " << ref;
QProcess process; QProcess process;
process.start("flatpak " + sysOrUser + " uninstall " + ref); QStringList args {sysOrUser, "uninstall", ref};
process.start("flatpak", args);
bool res = process.waitForFinished(); bool res = process.waitForFinished();
std::thread thread([&] { std::thread thread([&] {
notifyUninstallDone(item, res); notifyUninstallDone(item, res);
@ -1079,7 +1083,8 @@ void Launcher::uninstallFlatpak(DesktopInfo &info, const Item &item)
bool Launcher::uninstallWineApp(const Item &item) bool Launcher::uninstallWineApp(const Item &item)
{ {
QProcess process; QProcess process;
process.start("/opt/deepinwine/tools/uninstall.sh" + item.info.path); QStringList args {item.info.path};
process.start("/opt/deepinwine/tools/uninstall.sh", args);
bool res = process.waitForFinished(); bool res = process.waitForFinished();
std::thread thread([&] { std::thread thread([&] {
notifyUninstallDone(item, res); notifyUninstallDone(item, res);