fix: DConfig add check for AppId #416

Merged
merged 1 commit into from
May 13, 2024


18202781743

User can open non-root controlled files when appId is a relative path.

Issue: https://bugzilla.suse.com/show_bug.cgi?id=1211374

deepin-ci-robot added a commit to linuxdeepin/dtk6core that referenced this pull request May 13, 2024
Synchronize source files from linuxdeepin/dtkcore.

Source-pull-request: linuxdeepin/dtkcore#416

deepin-bot bot commented May 13, 2024

Doc Check bot
🟢 Document Coverage Check Passed!

@deepin-ci-robot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: 18202781743, kegechen

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@deepin-ci-robot

deepin pr auto review

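Key summary:

  • The isValidAppId function uses contains(' ') directly to check for spaces. This approach is not robust enough; using a regular expression to match illegal characters is recommended.
  • The implementation of isValidAppId depends on the isValidFilename function. If an appId that contains only spaces is considered valid, isValidFilename may not be called correctly.
  • In the ut_DConfigFileCheckAppId test case, the guard variable is declared but not used. Unused variables should be removed to improve code clarity.
  • The FILE_NAMEnoAppidMetaPath variable in the test case should be a constant or configuration item rather than a hard-coded string, to improve maintainability.
  • In the test case std::tuple{QString("org foo"), false}, the false should be a variable or constant rather than a hard-coded value.

Is immediate modification recommended: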

@18202781743 18202781743 merged commit 5f6d336 into linuxdeepin:master May 13, 2024
20 of 21 checks passed
18202781743 pushed a commit to linuxdeepin/dtk6core that referenced this pull request May 13, 2024
Synchronize source files from linuxdeepin/dtkcore.

Source-pull-request: linuxdeepin/dtkcore#416

@zccrs zccrs left a comment


Maybe should use regexp

src/dconfigfile.cpp
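
The regular-expression allow-list that the review comments above suggest, as an added example that is not dtkcore's code. It uses standard C++ rather than Qt; the names `checkAppId` and `metaPathFor`, the permitted character set, the `<baseDir>/<appId>/<name>.json` layout and the base directory are assumptions made for illustration.

```cpp
#include <cstdio>
#include <regex>
#include <string>

// Added example, not dtkcore code. Names and the allow-list are assumptions.
enum class AppIdCheck { Ok, Empty, DotComponent, IllegalChar };

AppIdCheck checkAppId(const std::string &appId)
{
    // Allow-list instead of a deny-list: one pattern rejects '/', '\',
    // spaces and every other character that is not named here.
    static const std::regex allowed("[A-Za-z0-9_.-]+");
    if (appId.empty())
        return AppIdCheck::Empty;
    if (appId == "." || appId == "..")
        return AppIdCheck::DotComponent; // passes the pattern but still walks the tree
    if (!std::regex_match(appId, allowed))
        return AppIdCheck::IllegalChar;
    return AppIdCheck::Ok;
}

// Builds "<baseDir>/<appId>/<name>.json" (assumed layout) only when appId and
// name are each one safe path component; otherwise returns an empty string
// so the caller has nothing to open.
std::string metaPathFor(const std::string &baseDir, const std::string &appId,
                        const std::string &name)
{
    if (checkAppId(appId) != AppIdCheck::Ok || checkAppId(name) != AppIdCheck::Ok)
        return std::string();
    return baseDir + "/" + appId + "/" + name + ".json";
}

int main()
{
    // Constructed inputs; "org foo" is the rejected case named in the review.
    const char *samples[] = {"org.example.app", "org foo", "../../home/user",
                             "/tmp/x", ".."};
    for (const char *s : samples)
        std::printf("%-18s -> \"%s\"\n", s,
                    metaPathFor("/srv/example/configs", s, "example").c_str());
    return 0;
}
```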