From c2d29a2d0f3d2f16ac947511eec4cbeba8f3d33b Mon Sep 17 00:00:00 2001 From: Intel A80486DX2-66 Date: Mon, 26 Aug 2024 22:44:58 +0300 Subject: [PATCH] b/c...py: secure input and output files Do not use environmental variables `INPUT_FILE` and `OUTPUT_FILE` --- bytebeat_compiler.py | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/bytebeat_compiler.py b/bytebeat_compiler.py index 1a89995..1fe338e 100644 --- a/bytebeat_compiler.py +++ b/bytebeat_compiler.py @@ -5,7 +5,7 @@ if __name__ == "__main__": from argparse import ArgumentParser from os import environ, makedirs, name as os_name, rename -from os.path import basename, exists, join as path_join +from os.path import exists, join as path_join from shlex import join as command_line_join, split as command_line_split from shutil import which from sys import stdin, stdout @@ -47,9 +47,7 @@ DEFAULT_PARAMETERS = { "CC": "cc", "CFLAGS": "-Ofast -march=native -mtune=native -Wall -Wextra -Wpedantic " "-pedantic -Wno-unused-variable -Wno-unused-but-set-variable " - "-Wno-dangling-else -Wno-parentheses -std=c99", - "INPUT_FILE": PATHS["substitute_kept"], - "OUTPUT_FILE": PATHS["output_kept"] + "-Wno-dangling-else -Wno-parentheses -std=c99" } stdout_atty = hasattr(stdout, "isatty") and stdout.isatty() @@ -112,8 +110,6 @@ if os_name == "nt": ] CFLAGS = fetch("CFLAGS") -INPUT_FILE = fetch("INPUT_FILE") -OUTPUT_FILE = fetch("OUTPUT_FILE") if extra := fetch("CFLAGS_EXTRA"): CFLAGS += " " + extra @@ -144,8 +140,8 @@ if __name__ == "__main__": parser = ArgumentParser(description=\ "Substitutes supplied C (non-JavaScript!) bytebeat into the template, " "then attempts to compile the instance of the template. Accepts " - "environmental variables `CC`, `CFLAGS`, `INPUT_FILE`, `OUTPUT_FILE`. " - "`CFLAGS_EXTRA` can be used to add to default `CFLAGS`.") + "environmental variables `CC`, `CFLAGS`. `CFLAGS_EXTRA` can be used to " + "add to default `CFLAGS`.") parser.add_argument("file", type=str, help="bytebeat formula file (use `-` to read from stdin)") parser.add_argument("-o", "--output", default="output.wav", type=str, @@ -351,9 +347,9 @@ if __name__ == "__main__": "CC.") with TemporaryDirectory() as tmpdirname: - temporary_path = lambda path: path_join(tmpdirname, basename(path)) + temporary_path = lambda path: path_join(tmpdirname, path) - substitute_temp = temporary_path(INPUT_FILE) + substitute_temp = temporary_path(PATHS["substitute"]) rewrite_file(substitute_temp, substitute_vars({ "bytebeat_contents": bytebeat_contents, "output_file": C_str_repr(args.output), @@ -384,7 +380,7 @@ if __name__ == "__main__": # Compile print("Compiling") - output_file_temp = temporary_path(OUTPUT_FILE) + output_file_temp = temporary_path(PATHS["output"]) run_command( CC, @@ -399,5 +395,5 @@ if __name__ == "__main__": if args.keep_files: makedirs(PATHS["bin_dir"], exist_ok=True) - rename(substitute_temp, INPUT_FILE) - rename(output_file_temp, OUTPUT_FILE) + rename(substitute_temp, PATHS["substitute_kept"]) + rename(output_file_temp, PATHS["output_kept"])