diff options
author | Kang Kai <kai.kang@windriver.com> | 2012-06-25 16:47:36 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2012-06-25 14:18:18 +0100 |
commit | fe514a130579302312f68821536d108c8ceb4363 (patch) | |
tree | ef8626a6ec47a5633ac0447c9f9059901d24eb4f | |
parent | 1369bec2404d942acc3618a8d005ec6868dcfd41 (diff) | |
download | bitbake-fe514a130579302312f68821536d108c8ceb4363.tar.gz |
hig.py: use module tempfile to create temp file
I am sorry that use os.tmpname which casue a security warning.
Follow Darren's suggestion to use tempfile.NamedTemporaryFile instead.
Signed-off-by: Kang Kai <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | lib/bb/ui/crumbs/hig.py | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/lib/bb/ui/crumbs/hig.py b/lib/bb/ui/crumbs/hig.py index b586b6c27..2001ff424 100644 --- a/lib/bb/ui/crumbs/hig.py +++ b/lib/bb/ui/crumbs/hig.py @@ -28,6 +28,7 @@ import os import re import shlex import subprocess +import tempfile from bb.ui.crumbs.hobcolor import HobColors from bb.ui.crumbs.hobwidget import hcc, hic, HobViewTable, HobInfoButton, HobButton, HobAltButton, HobIconChecker from bb.ui.crumbs.progressbar import HobProgressBar @@ -869,21 +870,16 @@ class DeployImageDialog (CrumbsDialog): if combo_item and combo_item != self.__dummy_usb__ and self.image_path: cmdline = bb.ui.crumbs.utils.which_terminal() if cmdline: - tmpname = os.tmpnam() + tmpfile = tempfile.NamedTemporaryFile() cmdline += "\"sudo dd if=" + self.image_path + \ - " of=" + combo_item + "; echo $? > " + tmpname + "\"" + " of=" + combo_item + "; echo $? > " + tmpfile.name + "\"" subprocess.call(shlex.split(cmdline)) - # if file tmpname not exists, that means there is something wrong with xterm - # user can get the error message from xterm so no more warning need. - if os.path.exists(tmpname): - tmpfile = open(tmpname) - if int(tmpfile.readline().strip()) == 0: - lbl = "<b>Deploy image successfully.</b>" - else: - lbl = "<b>Failed to deploy image.</b>\nPlease check image <b>%s</b> exists and USB device <b>%s</b> is writable." % (self.image_path, combo_item) - tmpfile.close() - os.remove(tmpname) + if int(tmpfile.readline().strip()) == 0: + lbl = "<b>Deploy image successfully.</b>" + else: + lbl = "<b>Failed to deploy image.</b>\nPlease check image <b>%s</b> exists and USB device <b>%s</b> is writable." % (self.image_path, combo_item) + tmpfile.close() else: if not self.image_path: lbl = "<b>No selection made.</b>\nYou have not selected an image to deploy." |