Refuse to listen to QT_PLUGIN_PATH.

We don't need it ourselves, and it's a potentially serious attack vector. CURA-8475
2025-08-11 19:29:06 +08:00 · 2022-01-07 19:12:36 +01:00 · 2022-01-07 19:12:36 +01:00 · c849cf8e88
commit c849cf8e88
parent 25ec588754
1 changed files with 1 additions and 0 deletions
--- a/cura_app.py
+++ b/cura_app.py
@ -15,6 +15,7 @@ if "" in sys.path:
 import argparse
 import faulthandler
 import os
+os.environ["QT_PLUGIN_PATH"] = ""  # Security workaround: Don't need it, and introduces an attack vector, so set to nul.

 from PyQt5.QtNetwork import QSslConfiguration, QSslSocket