core: sanitize environment and paths from user data

cherry-picked from the fix for #242
This commit is contained in:
Vaxry 2024-07-22 13:32:39 +02:00 committed by Mihai Fufezan
parent 57ab6df950
commit 84a9cdca3a
Signed by: fufexan
SSH key fingerprint: SHA256:SdnKmEpJrDu1+2UO1QpB/Eg4HKcdDi6n+xSRqFNJVpg
6 changed files with 33 additions and 22 deletions

View file

@ -3,8 +3,7 @@
#include <iostream>
#include <string>
enum eLogLevel
{
enum eLogLevel {
TRACE = 0,
INFO,
LOG,

View file

@ -6,6 +6,8 @@
#include <regex>
#include <filesystem>
std::string lastScreenshot;
void pickHyprPicker(sdbus::MethodCall& call) {
const std::string HYPRPICKER_CMD = "hyprpicker --format=rgb --no-fancy";
std::string rgbColor = execAndGet(HYPRPICKER_CMD.c_str());
@ -133,11 +135,15 @@ void CScreenshotPortal::onScreenshot(sdbus::MethodCall& call) {
bool isInteractive = options.count("interactive") && options["interactive"].get<bool>() && inShellPath("slurp");
// make screenshot
const std::string HYPR_DIR = "/tmp/hypr/";
const std::string SNAP_FILE = "xdph_screenshot.png";
const auto RUNTIME_DIR = getenv("XDG_RUNTIME_DIR");
srand(time(nullptr));
const std::string HYPR_DIR = RUNTIME_DIR ? std::string{RUNTIME_DIR} + "/hypr/" : "/tmp/hypr/";
const std::string SNAP_FILE = std::format("xdph_screenshot_{:x}.png", rand()); // rand() is good enough
const std::string FILE_PATH = HYPR_DIR + SNAP_FILE;
const std::string SNAP_CMD = "grim " + FILE_PATH;
const std::string SNAP_INTERACTIVE_CMD = "grim -g \"$(slurp)\" " + FILE_PATH;
const std::string SNAP_CMD = "grim '" + FILE_PATH + "'";
const std::string SNAP_INTERACTIVE_CMD = "grim -g \"$(slurp)\" '" + FILE_PATH + "'";
std::unordered_map<std::string, sdbus::Variant> results;
results["uri"] = "file://" + FILE_PATH;
@ -145,6 +151,11 @@ void CScreenshotPortal::onScreenshot(sdbus::MethodCall& call) {
std::filesystem::remove(FILE_PATH);
std::filesystem::create_directory(HYPR_DIR);
// remove last screenshot. This could cause issues if the app hasn't read the screenshot back yet, but oh well.
if (!lastScreenshot.empty())
std::filesystem::remove(lastScreenshot);
lastScreenshot = FILE_PATH;
if (isInteractive)
execAndGet(SNAP_INTERACTIVE_CMD.c_str());
else

View file

@ -16,7 +16,7 @@ std::string sanitizeNameForWindowList(const std::string& name) {
for (size_t i = 1; i < result.size(); ++i) {
if (result[i - 1] == '>' && result[i] == ']')
result[i] = ' ';
if (result[i] == '\"')
if (result[i] == '\"' || result[i] == '\'')
result[i] = ' ';
}
return result;
@ -43,8 +43,10 @@ SSelectionData promptForScreencopySelection() {
const char* XCURSOR_SIZE = getenv("XCURSOR_SIZE");
const char* HYPRLAND_INSTANCE_SIGNATURE = getenv("HYPRLAND_INSTANCE_SIGNATURE");
// DANGEROUS: we are sending a list of app IDs and titles via env. Make sure it's in 'singlequotes' to avoid something like $(rm -rf /)
// TODO: this is dumb, use a pipe or something.
std::string cmd =
std::format("WAYLAND_DISPLAY={} QT_QPA_PLATFORM=\"wayland\" XCURSOR_SIZE={} HYPRLAND_INSTANCE_SIGNATURE={} XDPH_WINDOW_SHARING_LIST=\"{}\" hyprland-share-picker 2>&1",
std::format("WAYLAND_DISPLAY='{}' QT_QPA_PLATFORM='wayland' XCURSOR_SIZE='{}' HYPRLAND_INSTANCE_SIGNATURE='{}' XDPH_WINDOW_SHARING_LIST='{}' hyprland-share-picker 2>&1",
WAYLAND_DISPLAY ? WAYLAND_DISPLAY : "", XCURSOR_SIZE ? XCURSOR_SIZE : "24", HYPRLAND_INSTANCE_SIGNATURE ? HYPRLAND_INSTANCE_SIGNATURE : "0", buildWindowList());
const auto RETVAL = execAndGet(cmd.c_str());

View file

@ -22,8 +22,7 @@ extern "C" {
#define XDPH_PWR_BUFFERS_MIN 2
#define XDPH_PWR_ALIGN 16
enum eSelectionType
{
enum eSelectionType {
TYPE_INVALID = -1,
TYPE_OUTPUT = 0,
TYPE_WINDOW,