[checkmk-commits] tar handling: Cleaned up subprocess involving shell; Using standard StringIO() instead of own buffer object

Module: check_mk Branch: master Commit: e45a7e631a7cabd2653a0142069a99ee033c87d9 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e45a7e631a7cab… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Nov 11 14:15:36 2016 +0100 tar handling: Cleaned up subprocess involving shell; Using standard StringIO() instead of own buffer object --- bandit.yaml | 2 +- cmk_base/agent_simulator.py | 2 +- web/htdocs/multitar.py | 25 ++++++++----------------- 3 files changed, 10 insertions(+), 19 deletions(-) diff --git a/bandit.yaml b/bandit.yaml index de70674..b655c6b 100644 --- a/bandit.yaml +++ b/bandit.yaml @@ -86,7 +86,7 @@ exclude_dirs: tests: # (optional) list skipped test IDs here, eg '[B101, B406]': -skips: +skips: [B404] ### (optional) plugin settings - some test plugins require configuration data ### that may be given here, per-plugin. All bandit test plugins have a built in diff --git a/cmk_base/agent_simulator.py b/cmk_base/agent_simulator.py index bb6d953..6cc838a 100644 --- a/cmk_base/agent_simulator.py +++ b/cmk_base/agent_simulator.py @@ -42,7 +42,7 @@ def process(output): if e == -1: break simfunc = output[i+2 : e] - replacement = str(eval("agentsim_" + simfunc)) + replacement = str(eval("agentsim_" + simfunc)) # nosec output = output[:i] + replacement + output[e+1:] except Exception, e: if cmk.debug.enabled(): diff --git a/web/htdocs/multitar.py b/web/htdocs/multitar.py index 7e7c205..37b6dcb 100644 --- a/web/htdocs/multitar.py +++ b/web/htdocs/multitar.py @@ -29,23 +29,10 @@ import cmk.paths import os, tarfile, time, shutil, cStringIO, grp +import subprocess import traceback from lib import * -class fake_file: - def __init__(self, content): - self.content = content - self.pointer = 0 - - def size(self): - return len(self.content) - - def read(self, size): - new_end = self.pointer + size - data = self.content[self.pointer:new_end] - self.pointer = new_end - return data - def create(filename, components): tar = tarfile.open(filename, "w:gz") for what, name, path in components: @@ -58,8 +45,11 @@ def create(filename, components): basedir = os.path.dirname(abspath) filename = os.path.basename(abspath) subtarname = name + ".tar" - subdata = os.popen("tar cf - --dereference --force-local -C '%s' '%s'" % \ - (basedir, filename)).read() + + subdata = subprocess.check_output([ + "tar", "cf", "-", "--dereference", "--force-local", + "-C", basedir, filename + ]) info = tarfile.TarInfo(subtarname) info.mtime = time.time() @@ -69,7 +59,8 @@ def create(filename, components): info.mode = 0644 info.type = tarfile.REGTYPE info.name = subtarname - tar.addfile(info, fake_file(subdata)) + + tar.addfile(info, cStringIO.StringIO(subdata)) def extract_from_buffer(buffer, elements): stream = cStringIO.StringIO()