Apply code changes: @orbisai0security can you address the code review ...

2026-04-08 03:21:01 +00:00 · 2026-04-08 03:21:01 +00:00 · 3e00b3b8b0
commit 3e00b3b8b0
parent 4c97c0a4a7
2 changed files with 15 additions and 12 deletions
--- a/build.py
+++ b/build.py
@ -1,7 +1,6 @@
 #!/usr/bin/env python3

 import os
-import shlex
 import subprocess
 import pathlib
 import platform
@ -41,8 +40,10 @@ def get_deb_extra_depends() -> str:
    return ""

 def system2(cmd):
-    args = cmd if isinstance(cmd, list) else shlex.split(cmd)
-    exit_code = subprocess.call(args)
+    if isinstance(cmd, list):
+        exit_code = subprocess.call(cmd)
+    else:
+        exit_code = subprocess.call(cmd, shell=True)
    if exit_code != 0:
        sys.stderr.write(f"Error occurred when executing: `{cmd}`. Exiting.\n")
        sys.exit(-1)
@ -618,13 +619,13 @@ def main():
                    'cp res/rustdesk.desktop tmpdeb/usr/share/applications/rustdesk.desktop')
                system2(
                    'cp res/rustdesk-link.desktop tmpdeb/usr/share/applications/rustdesk-link.desktop')
-                os.system('mkdir -p tmpdeb/etc/rustdesk/')
-                os.system('cp -a res/startwm.sh tmpdeb/etc/rustdesk/')
-                os.system('mkdir -p tmpdeb/etc/X11/rustdesk/')
-                os.system('cp res/xorg.conf tmpdeb/etc/X11/rustdesk/')
-                os.system('cp -a DEBIAN/* tmpdeb/DEBIAN/')
-                os.system('mkdir -p tmpdeb/etc/pam.d/')
-                os.system('cp pam.d/rustdesk.debian tmpdeb/etc/pam.d/rustdesk')
+                system2('mkdir -p tmpdeb/etc/rustdesk/')
+                system2('cp -a res/startwm.sh tmpdeb/etc/rustdesk/')
+                system2('mkdir -p tmpdeb/etc/X11/rustdesk/')
+                system2('cp res/xorg.conf tmpdeb/etc/X11/rustdesk/')
+                system2('cp -a DEBIAN/* tmpdeb/DEBIAN/')
+                system2('mkdir -p tmpdeb/etc/pam.d/')
+                system2('cp pam.d/rustdesk.debian tmpdeb/etc/pam.d/rustdesk')
                system2('strip tmpdeb/usr/bin/rustdesk')
                system2('mkdir -p tmpdeb/usr/share/rustdesk')
                system2('mv tmpdeb/usr/bin/rustdesk tmpdeb/usr/share/rustdesk/')
--- a/libs/portable/generate.py
+++ b/libs/portable/generate.py
@ -67,7 +67,8 @@ def write_app_metadata(output_folder: str):
    print(f"App metadata has been written to {output_path}")

 # Allowlist pattern for valid cargo target triples (e.g. x86_64-unknown-linux-gnu)
-_VALID_TARGET_RE = re.compile(r'^[A-Za-z0-9_\-]+$')
+# and JSON target spec paths (e.g. ./targets/my-target.json)
+_VALID_TARGET_RE = re.compile(r'^[A-Za-z0-9_.\-/\\]+$')


 def build_portable(output_folder: str, target: str):
@ -76,7 +77,8 @@ def build_portable(output_folder: str, target: str):
        if not _VALID_TARGET_RE.match(target):
            raise ValueError(
                f"Invalid --target value {target!r}. "
-                "Only alphanumeric characters, hyphens, and underscores are allowed."
+                "Only alphanumeric characters, hyphens, underscores, dots, "
+                "and path separators (/ or \\) are allowed."
            )
        subprocess.run(["cargo", "build", "--release", "--target", target], check=True)
    else: