GitHub-Proxy/Cura
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/Ultimaker/Cura synced 2025-04-16 18:59:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove working directory from sys.path

Browse Source 
This prevents accidentally loading packages from the working directory that are not in Cura's build.

Contributes to issue CURA-7081.
This commit is contained in:
Ghostkeeper 2020-02-26 17:02:40 +01:00
parent d84bc5c682
commit bbb704ff24
No known key found for this signature in database
GPG Key ID: 37E2020986774393
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cura_app.py
View File

@ -1,12 +1,20 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# Copyright (c) 2019 Ultimaker B.V. # Copyright (c) 2020 Ultimaker B.V.
# Cura is released under the terms of the LGPLv3 or higher. # Cura is released under the terms of the LGPLv3 or higher.
# Remove the working directory from sys.path.
# This fixes a security issue where Cura could import Python packages from the
# current working directory, and therefore be made to execute locally installed
# code (e.g. in the user's home directory where AppImages by default run from).
# See issue CURA-7081.
import sys
if "" in sys.path:
sys.path.remove("")
import argparse import argparse
import faulthandler import faulthandler
import os import os
import sys
# Workaround for a race condition on certain systems where there # Workaround for a race condition on certain systems where there
# is a race condition between Arcus and PyQt. Importing Arcus # is a race condition between Arcus and PyQt. Importing Arcus