Browse Source

Use python isolate mode

This (more or less) avoids user's environment variables tampering the
search process.
And also remove usages of `eval()` and `exec()`.

PR #18995.
adaptive-webui-19844
Chocobo1 1 year ago committed by GitHub
parent
commit
4ef8f39f23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      src/base/search/searchdownloadhandler.cpp
  2. 1
      src/base/search/searchhandler.cpp
  3. 7
      src/base/search/searchpluginmanager.cpp
  4. 3
      src/base/utils/foreignapps.h
  5. 19
      src/searchengine/nova3/nova2.py
  6. 24
      src/searchengine/nova3/nova2dl.py

1
src/base/search/searchdownloadhandler.cpp

@ -46,6 +46,7 @@ SearchDownloadHandler::SearchDownloadHandler(const QString &siteUrl, const QStri @@ -46,6 +46,7 @@ SearchDownloadHandler::SearchDownloadHandler(const QString &siteUrl, const QStri
, this, &SearchDownloadHandler::downloadProcessFinished);
const QStringList params
{
Utils::ForeignApps::PYTHON_ISOLATE_MODE_FLAG,
(SearchPluginManager::engineLocation() / Path(u"nova2dl.py"_qs)).toString(),
siteUrl,
url

1
src/base/search/searchhandler.cpp

@ -73,6 +73,7 @@ SearchHandler::SearchHandler(const QString &pattern, const QString &category, co @@ -73,6 +73,7 @@ SearchHandler::SearchHandler(const QString &pattern, const QString &category, co
const QStringList params
{
Utils::ForeignApps::PYTHON_ISOLATE_MODE_FLAG,
(SearchPluginManager::engineLocation() / Path(u"nova2.py"_qs)).toString(),
m_usedPlugins.join(u','),
m_category

7
src/base/search/searchpluginmanager.cpp

@ -509,7 +509,12 @@ void SearchPluginManager::update() @@ -509,7 +509,12 @@ void SearchPluginManager::update()
QProcess nova;
nova.setProcessEnvironment(QProcessEnvironment::systemEnvironment());
const QStringList params {(engineLocation() / Path(u"/nova2.py"_qs)).toString(), u"--capabilities"_qs};
const QStringList params
{
Utils::ForeignApps::PYTHON_ISOLATE_MODE_FLAG,
(engineLocation() / Path(u"/nova2.py"_qs)).toString(),
u"--capabilities"_qs
};
nova.start(Utils::ForeignApps::pythonInfo().executableName, params, QIODevice::ReadOnly);
nova.waitForFinished();

3
src/base/utils/foreignapps.h

@ -31,10 +31,13 @@ @@ -31,10 +31,13 @@
#include <QString>
#include "base/global.h"
#include "base/utils/version.h"
namespace Utils::ForeignApps
{
inline const QString PYTHON_ISOLATE_MODE_FLAG = u"-I"_qs;
struct PythonInfo
{
using Version = Utils::Version<3, 1>;

19
src/searchengine/nova3/nova2.py

@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
#VERSION: 1.43
#VERSION: 1.44
# Author:
# Fabien Devaux <fab AT gnux DOT info>
@ -33,11 +33,13 @@ @@ -33,11 +33,13 @@
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
import importlib
import pathlib
import sys
import urllib.parse
from os import path
from glob import glob
from sys import argv
from multiprocessing import Pool, cpu_count
from os import path
THREADED = True
try:
@ -70,9 +72,7 @@ def initialize_engines(): @@ -70,9 +72,7 @@ def initialize_engines():
continue
try:
# import engines.[engine]
engine_module = __import__(".".join(("engines", engi)))
# get low-level module
engine_module = getattr(engine_module, engi)
engine_module = importlib.import_module("engines." + engi)
# bind class name
globals()[engi] = getattr(engine_module, engi)
supported_engines.append(engi)
@ -143,6 +143,11 @@ def run_search(engine_list): @@ -143,6 +143,11 @@ def run_search(engine_list):
def main(args):
# qbt tend to run this script in 'isolate mode' so append the current path manually
current_path = str(pathlib.Path(__file__).parent.resolve())
if current_path not in sys.path:
sys.path.append(current_path)
supported_engines = initialize_engines()
if not args:
@ -187,4 +192,4 @@ def main(args): @@ -187,4 +192,4 @@ def main(args):
if __name__ == "__main__":
main(argv[1:])
main(sys.argv[1:])

24
src/searchengine/nova3/nova2dl.py

@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
#VERSION: 1.22
#VERSION: 1.23
# Author:
# Christophe DUMEZ (chris@qbittorrent.org)
@ -27,9 +27,17 @@ @@ -27,9 +27,17 @@
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
import sys
import os
import glob
import importlib
import os
import pathlib
import sys
# qbt tend to run this script in 'isolate mode' so append the current path manually
current_path = str(pathlib.Path(__file__).parent.resolve())
if current_path not in sys.path:
sys.path.append(current_path)
from helpers import download_file
supported_engines = dict()
@ -42,8 +50,10 @@ for engine in engines: @@ -42,8 +50,10 @@ for engine in engines:
if e.startswith('_'):
continue
try:
exec("from engines.%s import %s" % (e, e))
exec("engine_url = %s.url" % e)
module = importlib.import_module("engines." + e)
engine_class = getattr(module, e)
globals()[e] = engine_class
engine_url = getattr(engine_class, 'url')
supported_engines[engine_url] = e
except Exception:
pass
@ -53,9 +63,9 @@ if __name__ == '__main__': @@ -53,9 +63,9 @@ if __name__ == '__main__':
raise SystemExit('./nova2dl.py engine_url download_parameter')
engine_url = sys.argv[1].strip()
download_param = sys.argv[2].strip()
if engine_url not in list(supported_engines.keys()):
if engine_url not in supported_engines.keys():
raise SystemExit('./nova2dl.py: this engine_url was not recognized')
exec("engine = %s()" % supported_engines[engine_url])
engine = globals()[supported_engines[engine_url]]()
if hasattr(engine, 'download_torrent'):
engine.download_torrent(download_param)
else:

Loading…
Cancel
Save