avocado.aexpect: Don't use a predictable, non system wide tmp dir

Instead of using /tmp/aexpect, use per aexpect instance directories, tied to their aexpect ids (that are randomly generated). This way we fix the potential security issue, and also, clean up more efficiently the aexpect tmp files (all is gone upon the .close() method happens, or garbage collection - whatever happens first). Put a DEBUG flag on the aexpect module, that will leave the tmp files in case people want to debug the code. Signed-off-by: N Lucas Meneghel Rodrigues <lmr@redhat.com>

avocado.aexpect: Don't use a predictable, non system wide tmp dir
Instead of using /tmp/aexpect, use per aexpect instance directories, tied to their aexpect ids (that are randomly generated). This way we fix the potential security issue, and also, clean up more efficiently the aexpect tmp files (all is gone upon the .close() method happens, or garbage collection - whatever happens first). Put a DEBUG flag on the aexpect module, that will leave the tmp files in case people want to debug the code. Signed-off-by: N Lucas Meneghel Rodrigues <lmr@redhat.com>
6b47de3d · Lucas Meneghel Rodrigues · 5150fe9d · 6b47de3d
隐藏空白更改
内联并排

Showing with 10 addition and 17 deletion

avocado/aexpect.py avocado/aexpect.py +10 -17

未找到文件。
--- a/avocado/aexpect.py
+++ b/avocado/aexpect.py
@@ -15,15 +15,11 @@ import tempfile
 import logging
 import shutil

-BASE_DIR = os.path.join('/tmp', 'aexpect')
-
-
-def clean_tmp_files():
-    """
-    Remove all aexpect temporary files.
-    """
-    if os.path.isdir(BASE_DIR):
-        shutil.rmtree(BASE_DIR, ignore_errors=True)
+BASE_DIR = os.environ.get('TMPDIR', '/tmp')
+# If you want to debug problems with your aexpect instances, setting
+# DEBUG = True will leave the temporary files created by aexpect around
+# so you can look at them.
+DEBUG = False

 # The following helper functions are shared by the server and the client.

@@ -88,14 +84,14 @@ def _makestandard(shell_fd, echo):


 def _get_filenames(base_dir, a_id):
-    return [os.path.join(base_dir, a_id, s) for s in
+    return [os.path.join(base_dir, 'aexpect_%s' % a_id, s) for s in
            "shell-pid", "status", "output", "inpipe", "ctrlpipe",
            "lock-server-running", "lock-client-starting",
            "server-log"]


 def _get_reader_filename(base_dir, a_id, reader):
-    return os.path.join(base_dir, a_id, "outpipe-%s" % reader)
+    return os.path.join(base_dir, 'aexpect_%s' % a_id, "outpipe-%s" % reader)


 # The following is the server part of the module.
@@ -527,7 +523,7 @@ class Spawn(object):
        self.a_id = a_id or data_factory.generate_random_string(8)
        self.log_file = None

-        base_dir = os.path.join(BASE_DIR, self.a_id)
+        base_dir = os.path.join(BASE_DIR, 'aexpect_%s' % self.a_id)

        # Define filenames for communication with server
        try:
@@ -751,11 +747,8 @@ class Spawn(object):
        self._close_reader_fds()
        self.reader_fds = {}
        # Remove all used files
-        for filename in (_get_filenames(BASE_DIR, self.a_id)):
-            try:
-                os.unlink(filename)
-            except OSError:
-                pass
+        if not DEBUG:
+            shutil.rmtree(os.path.join(BASE_DIR, 'aexpect_%s' % self.a_id))

    def set_linesep(self, linesep):
        """