From 11af2cf24d76186f1ec9d353a1cb134eea22f199 Mon Sep 17 00:00:00 2001 From: Remco Burema Date: Wed, 1 Jun 2022 14:26:44 +0200 Subject: Prevent run of out-of-install executable in secure context. SEC-257 | CURA-8968 --- plugins/CuraEngineBackend/CuraEngineBackend.py | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/plugins/CuraEngineBackend/CuraEngineBackend.py b/plugins/CuraEngineBackend/CuraEngineBackend.py index 8636c465c0..b2fdad5b24 100755 --- a/plugins/CuraEngineBackend/CuraEngineBackend.py +++ b/plugins/CuraEngineBackend/CuraEngineBackend.py @@ -60,7 +60,7 @@ class CuraEngineBackend(QObject, Backend): executable_name = "CuraEngine" if Platform.isWindows(): executable_name += ".exe" - default_engine_location = executable_name + self._default_engine_location = executable_name search_path = [ os.path.abspath(os.path.dirname(sys.executable)), @@ -74,29 +74,29 @@ class CuraEngineBackend(QObject, Backend): for path in search_path: engine_path = os.path.join(path, executable_name) if os.path.isfile(engine_path): - default_engine_location = engine_path + self._default_engine_location = engine_path break - if Platform.isLinux() and not default_engine_location: + if Platform.isLinux() and not self._default_engine_location: if not os.getenv("PATH"): raise OSError("There is something wrong with your Linux installation.") for pathdir in cast(str, os.getenv("PATH")).split(os.pathsep): execpath = os.path.join(pathdir, executable_name) if os.path.exists(execpath): - default_engine_location = execpath + self._default_engine_location = execpath break application = CuraApplication.getInstance() #type: CuraApplication self._multi_build_plate_model = None #type: Optional[MultiBuildPlateModel] self._machine_error_checker = None #type: Optional[MachineErrorChecker] - if not default_engine_location: + if not self._default_engine_location: raise EnvironmentError("Could not find CuraEngine") - Logger.log("i", "Found CuraEngine at: %s", default_engine_location) + Logger.log("i", "Found CuraEngine at: %s", self._default_engine_location) - default_engine_location = os.path.abspath(default_engine_location) - application.getPreferences().addPreference("backend/location", default_engine_location) + self._default_engine_location = os.path.abspath(self._default_engine_location) + application.getPreferences().addPreference("backend/location", self._default_engine_location) # Workaround to disable layer view processing if layer view is not active. self._layer_view_active = False #type: bool @@ -215,7 +215,12 @@ class CuraEngineBackend(QObject, Backend): This is useful for debugging and used to actually start the engine. :return: list of commands and args / parameters. """ - command = [CuraApplication.getInstance().getPreferences().getValue("backend/location"), "connect", "127.0.0.1:{0}".format(self._port), ""] + from cura import ApplicationMetadata + if ApplicationMetadata.IsEnterpriseVersion: + command = [self._default_engine_location] + else: + command = [CuraApplication.getInstance().getPreferences().getValue("backend/location")] + command += ["connect", "127.0.0.1:{0}".format(self._port), ""] parser = argparse.ArgumentParser(prog = "cura", add_help = False) parser.add_argument("--debug", action = "store_true", default = False, help = "Turn on the debug mode by setting this option.") -- cgit v1.2.3