Cutlery/calibre
1
0
Fork 0
mirror of https://github.com/kovidgoyal/calibre.git synced 2025-07-09 03:04:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

When detecting plugin zip safety dont use a hardcoded list of native code extensions

Browse Source
This commit is contained in:
Kovid Goyal 2021-01-11 07:19:25 +05:30
parent 31a1ce8d4a
commit e91ebda5e8
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C
1 changed files with 20 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/calibre/customize/__init__.py
View File

@ -278,14 +278,17 @@ class Plugin(object): # {{{
''' '''
if self.plugin_path is not None: if self.plugin_path is not None:
from calibre.utils.zipfile import ZipFile from calibre.utils.zipfile import ZipFile
zf = ZipFile(self.plugin_path) from importlib.machinery import EXTENSION_SUFFIXES
extensions = {x.rpartition('.')[-1].lower() for x in with ZipFile(self.plugin_path) as zf:
zf.namelist()} extensions = {x.lower() for x in EXTENSION_SUFFIXES}
zip_safe = True zip_safe = True
for ext in ('pyd', 'so', 'dll', 'dylib'): for name in zf.namelist():
if ext in extensions: for q in extensions:
if name.endswith(q):
zip_safe = False zip_safe = False
break break
if not zip_safe:
break
if zip_safe: if zip_safe:
sys.path.insert(0, self.plugin_path) sys.path.insert(0, self.plugin_path)
self.sys_insertion_path = self.plugin_path self.sys_insertion_path = self.plugin_path
@ -295,7 +298,6 @@ class Plugin(object): # {{{
self.sys_insertion_path = self._sys_insertion_tdir.__enter__(*args) self.sys_insertion_path = self._sys_insertion_tdir.__enter__(*args)
zf.extractall(self.sys_insertion_path) zf.extractall(self.sys_insertion_path)
sys.path.insert(0, self.sys_insertion_path) sys.path.insert(0, self.sys_insertion_path)
zf.close()
def __exit__(self, *args): def __exit__(self, *args):
ip, it = getattr(self, 'sys_insertion_path', None), getattr(self, ip, it = getattr(self, 'sys_insertion_path', None), getattr(self,