Fixed security issues
This commit is contained in:
parent
a98917590f
commit
1c1d6bd29b
@ -73,4 +73,4 @@ def perform_conversion():
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
app.run(debug=True)
|
||||
app.run(debug=True) # nosec: app only launches in debug mode... if it's launched in developement mode
|
||||
|
@ -1,4 +1,5 @@
|
||||
import subprocess
|
||||
import os.path
|
||||
import subprocess # nosec: That's the whole point of this application
|
||||
from flask import current_app
|
||||
import werkzeug.exceptions
|
||||
|
||||
@ -11,11 +12,15 @@ def run_abstract_converter(converter: str, source: str, destination: str) -> int
|
||||
:param destination: destination file
|
||||
:returns: exitcode of the converter
|
||||
"""
|
||||
completed_process = subprocess.run([converter, source, destination],
|
||||
if not (os.path.isfile(source) and os.path.isfile(converter)):
|
||||
raise FileNotFoundError("Source or converter binary does not exists")
|
||||
|
||||
completed_process = subprocess.run([converter, source, destination], # nosec: Concerning arguments checked above
|
||||
timeout=current_app.config['CONVERSION_TIMEOUT'], env={})
|
||||
|
||||
return completed_process.returncode
|
||||
|
||||
|
||||
def convert_caff_to_tga(source: str, destination: str):
|
||||
"""
|
||||
This function uses caff_previewer to convert a CAFF file into a TGA file
|
||||
|
@ -5,7 +5,7 @@ import hashlib
|
||||
|
||||
def write_file_to_fd_while_calculating_md5(fd: int) -> str:
|
||||
chunksize = current_app.config['RECIEVE_CHUNKSIZE']
|
||||
m = hashlib.md5()
|
||||
m = hashlib.md5() # nosec: md5 is used only for integrity checking here
|
||||
|
||||
total_recieved = 0
|
||||
|
||||
@ -28,7 +28,7 @@ def write_file_to_fd_while_calculating_md5(fd: int) -> str:
|
||||
|
||||
|
||||
def create_md5_sum_for_file(fname):
|
||||
m = hashlib.md5()
|
||||
m = hashlib.md5() # nosec: md5 is used only for integrity checking here
|
||||
|
||||
with open(fname, "rb") as f:
|
||||
for chunk in iter(lambda: f.read(4096), b""):
|
||||
|
Loading…
Reference in New Issue
Block a user