cry/Hyprland
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

hyprpm: clean up root access and properly check input (#10304)

Browse source 
* manifest: reject bad names from parsing

* sys: restructure root functions
This commit is contained in:
Vaxry 2025-05-06 22:43:08 +02:00 committed by GitHub
parent 948277895e
commit f8bbe5124c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 224 additions and 111 deletions
Download patch file Download diff file Expand all files Collapse all files

44
hyprpm/src/core/Manifest.cpp
View file

@ -1,6 +1,12 @@
#include "Manifest.hpp"
#include <toml++/toml.hpp>
#include <iostream>
#include <algorithm>
// Alphanumerics and -_ allowed for plugin names. No magic names.
// [A-Za-z0-9\-_]*
static bool validManifestName(const std::string_view& n) {
return std::ranges::all_of(n, [](const char& c) { return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || c == '-' || c == '_' || c == '=' || (c >= '0' && c <= '9'); });
}
CManifest::CManifest(const eManifestType type, const std::string& path) {
auto manifest = toml::parse_file(path);
@ -11,11 +17,17 @@ CManifest::CManifest(const eManifestType type, const std::string& path) {
continue;
CManifest::SManifestPlugin plugin;
if (!validManifestName(key.str())) {
m_good = false;
return;
}
plugin.name = key;
m_vPlugins.push_back(plugin);
m_plugins.push_back(plugin);
}
for (auto& plugin : m_vPlugins) {
for (auto& plugin : m_plugins) {
plugin.description = manifest[plugin.name]["description"].value_or("?");
plugin.version = manifest[plugin.name]["version"].value_or("?");
plugin.output = manifest[plugin.name]["build"]["output"].value_or("?");
@ -37,21 +49,21 @@ CManifest::CManifest(const eManifestType type, const std::string& path) {
}
if (plugin.output.empty() || plugin.buildSteps.empty()) {
m_bGood = false;
m_good = false;
return;
}
}
} else if (type == MANIFEST_HYPRPM) {
m_sRepository.name = manifest["repository"]["name"].value_or("");
auto authors = manifest["repository"]["authors"].as_array();
m_repository.name = manifest["repository"]["name"].value_or("");
auto authors = manifest["repository"]["authors"].as_array();
if (authors) {
for (auto&& a : *authors) {
m_sRepository.authors.push_back(a.as_string()->value_or("?"));
m_repository.authors.push_back(a.as_string()->value_or("?"));
}
} else {
auto author = manifest["repository"]["author"].value_or("");
if (!std::string{author}.empty())
m_sRepository.authors.push_back(author);
m_repository.authors.push_back(author);
}
auto pins = manifest["repository"]["commit_pins"].as_array();
@ -59,7 +71,7 @@ CManifest::CManifest(const eManifestType type, const std::string& path) {
for (auto&& pin : *pins) {
auto pinArr = pin.as_array();
if (pinArr && pinArr->get(1))
m_sRepository.commitPins.push_back(std::make_pair<>(pinArr->get(0)->as_string()->get(), pinArr->get(1)->as_string()->get()));
m_repository.commitPins.push_back(std::make_pair<>(pinArr->get(0)->as_string()->get(), pinArr->get(1)->as_string()->get()));
}
}
@ -68,11 +80,17 @@ CManifest::CManifest(const eManifestType type, const std::string& path) {
continue;
CManifest::SManifestPlugin plugin;
if (!validManifestName(key.str())) {
m_good = false;
return;
}
plugin.name = key;
m_vPlugins.push_back(plugin);
m_plugins.push_back(plugin);
}
for (auto& plugin : m_vPlugins) {
for (auto& plugin : m_plugins) {
plugin.description = manifest[plugin.name]["description"].value_or("?");
plugin.output = manifest[plugin.name]["output"].value_or("?");
plugin.since = manifest[plugin.name]["since_hyprland"].value_or(0);
@ -94,12 +112,12 @@ CManifest::CManifest(const eManifestType type, const std::string& path) {
}
if (plugin.output.empty() || plugin.buildSteps.empty()) {
m_bGood = false;
m_good = false;
return;
}
}
} else {
// ???
m_bGood = false;
m_good = false;
}
}