3D-printing/Cura
1
0
Fork 0
mirror of https://github.com/Ultimaker/Cura.git synced 2025-07-25 15:44:04 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Merge pull request #7179 from Ultimaker/CURA-7081_prevent_sys_path_relative

Browse source 
Remove working directory from sys.path
This commit is contained in:
Nino van Hooff 2020-03-03 10:34:34 +01:00 committed by GitHub
commit d9509d25ba
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

12
cura_app.py
View file

@ -1,12 +1,20 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# Copyright (c) 2019 Ultimaker B.V. # Copyright (c) 2020 Ultimaker B.V.
# Cura is released under the terms of the LGPLv3 or higher. # Cura is released under the terms of the LGPLv3 or higher.
# Remove the working directory from sys.path.
# This fixes a security issue where Cura could import Python packages from the
# current working directory, and therefore be made to execute locally installed
# code (e.g. in the user's home directory where AppImages by default run from).
# See issue CURA-7081.
import sys
if "" in sys.path:
sys.path.remove("")
import argparse import argparse
import faulthandler import faulthandler
import os import os
import sys
# Workaround for a race condition on certain systems where there # Workaround for a race condition on certain systems where there
# is a race condition between Arcus and PyQt. Importing Arcus # is a race condition between Arcus and PyQt. Importing Arcus