Fixed security issues

Pünkösd Marcell 2020-11-27 16:01:23 +01:00
parent a98917590f
commit 1c1d6bd29b
3 changed files with 10 additions and 5 deletions


@ -73,4 +73,4 @@ def perform_conversion():
if __name__ == '__main__': if __name__ == '__main__':
app.run(debug=True) app.run(debug=True) # nosec: app only launches in debug mode... if it's launched in developement mode
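Review bot: The `# nosec` on `app.run(debug=True)` silences the scanner but leaves the Werkzeug debugger on whenever this file is executed directly, and that debugger offers an interactive console that runs Python for anyone who can reach the listening port. The comment's assumption that this entry point is only used in development is not enforced by anything visible in the hunk. I would make the flag opt-in so the default is off, e.g. `app.run(debug=os.environ.get('FLASK_DEBUG') == '1')` (this needs `import os` if the module does not already have it). The suppression comment can then be dropped.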


@ -1,4 +1,5 @@
import subprocess import os.path
import subprocess # nosec: That's the whole point of this application
from flask import current_app from flask import current_app
import werkzeug.exceptions import werkzeug.exceptions
@ -11,11 +12,15 @@ def run_abstract_converter(converter: str, source: str, destination: str) -> int
:param destination: destination file :param destination: destination file
:returns: exitcode of the converter :returns: exitcode of the converter
""" """
completed_process = subprocess.run([converter, source, destination], if not (os.path.isfile(source) and os.path.isfile(converter)):
raise FileNotFoundError("Source or converter binary does not exists")
completed_process = subprocess.run([converter, source, destination], # nosec: Concerning arguments checked above
timeout=current_app.config['CONVERSION_TIMEOUT'], env={}) timeout=current_app.config['CONVERSION_TIMEOUT'], env={})
return completed_process.returncode return completed_process.returncode
def convert_caff_to_tga(source: str, destination: str): def convert_caff_to_tga(source: str, destination: str):
""" """
This function uses caff_previewer to convert a CAFF file into a TGA file This function uses caff_previewer to convert a CAFF file into a TGA file
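Review bot: The `os.path.isfile` guard added before `subprocess.run` in `run_abstract_converter` only proves that `source` and `converter` exist, so `# nosec: Concerning arguments checked above` claims more than the check delivers. Existence does not establish that `converter` is one of the binaries the application is meant to launch, nor that `source` and `destination` stay inside the intended working directory; `destination` is not checked at all, and a file can change between the check and the exec. If `converter` always comes from application configuration and both paths are generated server-side, state that in the suppression, e.g. `# nosec B603: converter is taken from app config; source/destination are server-generated paths` (to be confirmed against the callers, which are outside this hunk). Otherwise compare `converter` against the fixed set of configured converter paths before running it. The message `"Source or converter binary does not exists"` should read "does not exist".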


@ -5,7 +5,7 @@ import hashlib
def write_file_to_fd_while_calculating_md5(fd: int) -> str: def write_file_to_fd_while_calculating_md5(fd: int) -> str:
chunksize = current_app.config['RECIEVE_CHUNKSIZE'] chunksize = current_app.config['RECIEVE_CHUNKSIZE']
m = hashlib.md5() m = hashlib.md5() # nosec: md5 is used only for integrity checking here
total_recieved = 0 total_recieved = 0
@ -28,7 +28,7 @@ def write_file_to_fd_while_calculating_md5(fd: int) -> str:
def create_md5_sum_for_file(fname): def create_md5_sum_for_file(fname):
m = hashlib.md5() m = hashlib.md5() # nosec: md5 is used only for integrity checking here
with open(fname, "rb") as f: with open(fname, "rb") as f:
for chunk in iter(lambda: f.read(4096), b""): for chunk in iter(lambda: f.read(4096), b""):