From 5140cc230d9acc7b9bda60caa5174c60a4eeec0b Mon Sep 17 00:00:00 2001 From: Liu Zheng Date: Fri, 6 Sep 2024 16:34:55 +0800 Subject: [PATCH] fix: bash command hardening bash command hardening Log: bash command hardening Task: https://pms.uniontech.com/task-view-362031.html --- src/libdbm/util/utils.cpp | 86 ++++++++++++++++----------------------- 1 file changed, 35 insertions(+), 51 deletions(-) diff --git a/src/libdbm/util/utils.cpp b/src/libdbm/util/utils.cpp index ee3d306b..d92ae027 100644 --- a/src/libdbm/util/utils.cpp +++ b/src/libdbm/util/utils.cpp @@ -14,7 +14,7 @@ #include #include #ifdef Q_OS_WIN32 -#include +# include #endif static void initQRC() @@ -28,12 +28,12 @@ static void initQRC() namespace Utils { -bool isUft8(const QByteArray& byArr) +bool isUft8(const QByteArray &byArr) { - unsigned int nBytes = 0;//UFT8可用1-6个字节编码,ASCII用一个字节 + unsigned int nBytes = 0; //UFT8可用1-6个字节编码,ASCII用一个字节 bool bAllAscii = true; - for (int i = 0; i < byArr.length(); ++i) { + for (int i = 0; i < byArr.length(); ++i) { unsigned char chr = static_cast(byArr.at(i)); //ASCII码高位为0 @@ -46,27 +46,21 @@ bool isUft8(const QByteArray& byArr) if (chr >= 0x80) { if (chr >= 0xFC && chr <= 0xFD) { nBytes = 6; - } - else if (chr >= 0xF8) { + } else if (chr >= 0xF8) { nBytes = 5; - } - else if (chr >= 0xF0) { + } else if (chr >= 0xF0) { nBytes = 4; - } - else if (chr >= 0xE0) { + } else if (chr >= 0xE0) { nBytes = 3; - } - else if (chr >= 0xC0) { + } else if (chr >= 0xC0) { nBytes = 2; - } - else { + } else { return false; } nBytes--; } - } - else { + } else { if ((chr & 0xC0) != 0x80) { return false; } 
@@ -75,23 +69,23 @@ bool isUft8(const QByteArray& byArr) } } - if (nBytes != 0) { + if (nBytes != 0) { return false; } - if (bAllAscii) { //如果全部都是ASCII, 也是UTF8 + if (bAllAscii) { //如果全部都是ASCII, 也是UTF8 return true; } return true; } -bool isGBK(const QByteArray& byArr) +bool isGBK(const QByteArray &byArr) { unsigned int nBytes = 0; bool bAllAscii = true; - for (int i = 0; i < byArr.length(); ++i) { + for (int i = 0; i < byArr.length(); ++i) { unsigned char chr = static_cast(byArr.at(i)); //ASCII码高位为0 @@ -103,16 +97,14 @@ bool isGBK(const QByteArray& byArr) if (chr >= 0x80) { if (chr >= 0x81 && chr <= 0xFE) { nBytes = +2; - } - else { + } else { return false; } nBytes--; } - } - else { - if (chr < 0x40 || chr>0xFE) { + } else { + if (chr < 0x40 || chr > 0xFE) { return false; } @@ -120,11 +112,11 @@ bool isGBK(const QByteArray& byArr) } } - if (nBytes != 0) {//违返规则 + if (nBytes != 0) { //违返规则 return false; } - if (bAllAscii){ //如果全部都是ASCII, 也是GBK + if (bAllAscii) { //如果全部都是ASCII, 也是GBK return true; } @@ -144,16 +136,16 @@ void loadTranslate() QString tnapplang; QString tnappcoun; QString clangcode = ""; - QStringList allappargs = qApp->arguments(); - QList > oppairs; + QStringList allappargs = qApp->arguments(); + QList> oppairs; for (QList::const_iterator i = allappargs.constBegin(); i < allappargs.constEnd(); ++i) { if (i->count('=') == 1) { - oppairs.append(QPair (i->section('=', 0, 0).simplified(), i->section('=', 1, 1).simplified())); + oppairs.append(QPair(i->section('=', 0, 0).simplified(), i->section('=', 1, 1).simplified())); } } - for (QList >::const_iterator i = oppairs.constBegin(); i < oppairs.constEnd(); ++i) { + for (QList>::const_iterator i = oppairs.constBegin(); i < oppairs.constEnd(); ++i) { if (i->first.contains("lang", Qt::CaseInsensitive)) { clangcode = i->second; tnapplang = clangcode.left(2); 
@@ -184,7 +176,6 @@ void loadTranslate() tranlateUrl = QString(":/translations/deepin-boot-maker_%1.qm").arg(tnapplang); } - if (!QFile::exists(tranlateUrl)) { tranlateUrl = ":/translations/deepin-boot-maker.qm"; } @@ -245,7 +236,7 @@ void ClearTargetDev(const QString &targetPath) QMap CommandDfParse() { QProcess df; - df.start("df", QStringList{"-k", "--output=source,used,avail"}); + df.start("df", QStringList { "-k", "--output=source,used,avail" }); df.waitForFinished(-1); QString dfout = df.readAll(); @@ -263,7 +254,7 @@ QMap CommandDfParse() continue; } devInfo.used = static_cast(infos.at(1).toInt() / 1024); - devInfo.total = static_cast((infos.at(2).toInt() + infos.at(1).toInt()) / 1024) ; + devInfo.total = static_cast((infos.at(2).toInt() + infos.at(1).toInt()) / 1024); qDebug() << "device path" << devInfo.path << "used: " << devInfo.used << "total: " << devInfo.total; deviceInfos.insert(devInfo.path, devInfo); } @@ -300,7 +291,7 @@ static QByteArray unescapeLimited(const QString &str) QMap CommandLsblkParse() { QProcess lsblk; - lsblk.start("lsblk", QStringList{"-b", "-p", "-P", "-o", "name,label,size,uuid,fstype,type"}); + lsblk.start("lsblk", QStringList { "-b", "-p", "-P", "-o", "name,label,size,uuid,fstype,type" }); lsblk.waitForFinished(-1); QString line; DeviceInfo info; @@ -327,8 +318,7 @@ QMap CommandLsblkParse() if (!type.compare("disk")) { diskDevPath = info.path; isPart = false; - } - else if (!type.compare("part")){ + } else if (!type.compare("part")) { isPart = true; } else { diskDevPath = ""; @@ -342,11 +332,9 @@ QMap CommandLsblkParse() if (isUft8(byArr)) { strLabel = QTextCodec::codecForName("UTF-8")->toUnicode(byArr); - } - else if(isGBK(byArr)) { + } else if (isGBK(byArr)) { strLabel = QTextCodec::codecForName("GBK")->toUnicode(byArr); - } - else { + } else { strLabel = QString::fromLocal8Bit(byArr); } 
@@ -360,20 +348,19 @@ QMap CommandLsblkParse() info.isDisk = false; info.strDev = diskDevPath; deviceInfos[diskDevPath].children.insert(info.path, info); - } else { // 否则就是 part, 如sdb。 + } else { // 否则就是 part, 如sdb。 info.isDisk = true; info.strDev = ""; deviceInfos.insert(info.path, info); // 记录当前是part的情况 currentPartPath = info.path; } - } while(true); + } while (true); return deviceInfos; } #endif - bool CheckInstallDisk(const QString &targetDev) { qDebug() << "CheckInstallDisk"; @@ -409,7 +396,7 @@ bool CheckInstallDisk(const QString &targetDev) bool isUsbDisk(const QString &dev) { QString out = XSys::FS::TmpFilePath("diskutil_isusb_out"); - XSys::SynExec("bash", QString("-c \" diskutil info %1 > \"%2\" \" ").arg(dev).arg(out)); + XSys::SynExec("diskutil", QString(" \" info %1 > \"%2\" \" ").arg(dev).arg(out)); QFile outfile(out); outfile.open(QIODevice::ReadOnly); QString info = outfile.readAll(); @@ -427,9 +414,7 @@ QList ListUsbDrives() for (int i = 0; i < extdrivesList.size(); ++i) { QString deviceLetter = extdrivesList.at(i).path().toUpper(); - if (QDir::toNativeSeparators(deviceLetter) != QDir::toNativeSeparators(QDir::rootPath().toUpper()) && !QDir::toNativeSeparators(deviceLetter) - .contains("A:") && !QDir::toNativeSeparators(deviceLetter) - .contains("B:")) { + if (QDir::toNativeSeparators(deviceLetter) != QDir::toNativeSeparators(QDir::rootPath().toUpper()) && !QDir::toNativeSeparators(deviceLetter).contains("A:") && !QDir::toNativeSeparators(deviceLetter).contains("B:")) { if (GetDriveType(LPWSTR(deviceLetter.utf16())) == 2) { DeviceInfo info; @@ -470,8 +455,7 @@ QList ListUsbDrives() if (partitionInfo.fstype != "vfat") { needformat = true; - } - else { + } else { needformat = false; } 
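Review bot: The new `XSys::SynExec("diskutil", QString(" \" info %1 > \"%2\" \" ").arg(dev).arg(out))` in isUsbDisk no longer redirects anything: with `bash -c` gone, the `>` and the quotes are ordinary characters, so `diskutil` either receives them as literal arguments or, if SynExec itself spawns a shell (its definition is not in this file), the leading `\"` folds the rest into one quoted argument. Either way nothing is written to `out`, the unchecked `outfile.open()` on the next context line fails, `info` is empty, and `dev` is still spliced into a command string instead of being passed as an argument. This file already runs `df` and `lsblk` through `QProcess::start(program, QStringList)`; isUsbDisk should do the same, which removes both the temp file and the remaining injection surface. isUsbDisk's body continues past the end of the hunk, so the code that inspects `info` is assumed unchanged.
```cpp
bool isUsbDisk(const QString &dev)
{
    // Argument-list form: no shell ever parses dev, and stdout is read
    // directly instead of via a temp file (the old "> file" only worked under bash -c).
    QProcess diskutil;
    diskutil.start("diskutil", QStringList { "info", dev });
    diskutil.waitForFinished(-1);
    QString info = diskutil.readAllStandardOutput();
    // … unchanged: inspection of `info` (continues outside the hunk) …
```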
@@ -493,7 +477,7 @@ QList ListUsbDrives()
 #ifdef Q_OS_MAC
     QStringList fulldrivelist;
     QString out = XSys::FS::TmpFilePath("diskutil_out");
-    XSys::SynExec("bash", QString("-c \" diskutil list > \"%1\" \" ").arg(out));
+    XSys::SynExec("diskutil", QString(" \" list > \"%1\" \" ").arg(out));
     QFile outfile(out);
     outfile.open(QIODevice::ReadOnly);
     QString diskutilList = outfile.readAll();
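Review bot: `XSys::SynExec("diskutil", QString(" \" list > \"%1\" \" ").arg(out))` drops the shell but keeps a shell redirection inside the string, so `diskutil` gets the `\"`, `list`, `>` and the path as literal argument text (or, if SynExec spawns a shell, as one quoted argument) and `out` is never written. The following `outfile.open(QIODevice::ReadOnly)` does not check its return value, so `diskutilList` silently ends up empty and the Mac drive list is lost rather than reported as an error. Capture stdout with QProcess the way `CommandDfParse` and `CommandLsblkParse` already do and drop the temp file; no untrusted value is interpolated here, but the redirection must be replaced, not just the `bash -c`. ListUsbDrives both starts and ends outside this hunk, so only these lines are shown.
```cpp
#ifdef Q_OS_MAC
    QStringList fulldrivelist;
    // Read diskutil's stdout directly; a "> file" redirection needs a shell.
    QProcess diskutil;
    diskutil.start("diskutil", QStringList { "list" });
    diskutil.waitForFinished(-1);
    QString diskutilList = diskutil.readAllStandardOutput();
    // … unchanged: parsing of diskutilList (continues outside the hunk) …
```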