diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2010-01-21 02:56:53 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2010-01-21 02:56:53 +0100 |
| commit | 6443695f275167adb123070daf2a6b6ecc0bb371 (patch) | |
| tree | e55e9cb7795f3a5fb239793eab60f2320fe11cbc /src/Gui/CCReporterDialog.py | |
| parent | f1322558475277ffed7a9c61f4b9478b4dd1d46c (diff) | |
| download | abrt-6443695f275167adb123070daf2a6b6ecc0bb371.tar.gz abrt-6443695f275167adb123070daf2a6b6ecc0bb371.tar.xz abrt-6443695f275167adb123070daf2a6b6ecc0bb371.zip | |
abrtd: fix Report() dbus call gaping security holes
We were blindly trusting the values passed to us
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'src/Gui/CCReporterDialog.py')
| -rw-r--r-- | src/Gui/CCReporterDialog.py | 154 |
1 files changed, 79 insertions, 75 deletions
diff --git a/src/Gui/CCReporterDialog.py b/src/Gui/CCReporterDialog.py index d24c0dd8..f46c180f 100644 --- a/src/Gui/CCReporterDialog.py +++ b/src/Gui/CCReporterDialog.py @@ -11,16 +11,10 @@ from ABRTPlugin import PluginInfo from PluginSettingsUI import PluginSettingsUI from PluginList import getPluginInfoList #from CCDumpList import getDumpList, DumpList +from CCDump import * # FILENAME_xxx, CD_xxx from abrt_utils import _, log, log1, log2 # FIXME - create method or smth that returns type|editable|content -CD_TYPE = 0 -CD_EDITABLE = 1 -CD_CONTENT = 2 - -CD_SYS = "s" -CD_BIN = "b" -CD_TXT = "t" # response REFRESH = -50 @@ -34,7 +28,7 @@ class ReporterDialog(): self.report = report #Set the Glade file # FIXME add to path - builderfile = "%s%sreport.glade" % (sys.path[0],"/") + builderfile = "%s/report.glade" % sys.path[0] self.builder = gtk.Builder() self.builder.add_from_file(builderfile) #Get the Main Window, and connect the "destroy" event @@ -47,21 +41,20 @@ class ReporterDialog(): # comment textview self.tvComment = self.builder.get_object("tvComment") self.tvComment.connect("focus-in-event", self.on_comment_focus_cb) - self.comment_changed = False + self.show_hint_comment = 1 # "how to reproduce" textview self.tevHowToReproduce = self.builder.get_object("tevHowToReproduce") - self.how_to_changed = False self.builder.get_object("fErrors").hide() self.builder.get_object("bLog").connect("clicked", self.show_log_cb, log) self.builder.get_object("cbSendBacktrace").connect("toggled", self.on_send_backtrace_toggled) self.allow_send() self.hydrate() - + def check_backtrace(self): print "checking backtrace" - + def warn_user(self, warnings): # FIXME: show in lError fErrors = self.builder.get_object("fErrors") @@ -74,12 +67,12 @@ class ReporterDialog(): warning_lbl = "* %s" % warning lErrors.set_label(warning_lbl) fErrors.show_all() - + def hide_warning(self): fErrors = self.builder.get_object("fErrors") lErrors = self.builder.get_object("lErrors") fErrors.hide() - + def allow_send(self): self.hide_warning() bSend = self.builder.get_object("bSend") @@ -87,7 +80,7 @@ class ReporterDialog(): send = True error_msgs = [] try: - rating = self.report["rating"] + rating = self.report[FILENAME_RATING] except: rating = None # active buttons acording to required fields @@ -98,29 +91,30 @@ class ReporterDialog(): # we have both SendBacktrace and rating if rating: try: - package = self.report["package"][CD_CONTENT] + package = self.report[FILENAME_PACKAGE][CD_CONTENT] # if we don't have package for some reason except: package = None # not usable report - if int(self.report["rating"][CD_CONTENT]) < 3: + if int(self.report[FILENAME_RATING][CD_CONTENT]) < 3: if package: error_msgs.append(_("Reporting disabled because the backtrace is unusable.\nPlease try to install debuginfo manually using command: <b>debuginfo-install %s</b> \nthen use Refresh button to regenerate the backtrace." % package[0:package.rfind('-',0,package.rfind('-'))])) else: error_msgs.append(_("The backtrace is unusable, you can't report this!")) # probably usable 3 - elif int(self.report["rating"][CD_CONTENT]) < 4: + elif int(self.report[FILENAME_RATING][CD_CONTENT]) < 4: error_msgs.append(_("The backtrace is incomplete, please make sure you provide good steps to reproduce.")) - + if error_msgs: self.warn_user(error_msgs) bSend.set_sensitive(send) - + def on_send_backtrace_toggled(self, toggle_button): self.allow_send() - + def show_log_cb(self, widget, log): show_log(log, parent=self.window) + # this callback is called when user press Cancel or Report button in Report dialog def on_response(self, dialog, response_id, daemon): # the button has been pressed (probably) @@ -136,9 +130,10 @@ class ReporterDialog(): model[path][3] = not model[path][3] def on_comment_focus_cb(self, widget, event): - if not self.comment_changed: + if self.show_hint_comment: + # clear "hint" text by supplying a fresh, empty TextBuffer widget.set_buffer(gtk.TextBuffer()) - self.comment_changed = True + self.show_hint_comment = 0 def on_config_plugin_clicked(self, button, plugin, image): ui = PluginSettingsUI(plugin, parent=self.window) @@ -204,66 +199,77 @@ class ReporterDialog(): if len(text) > label_widget.get_max_width_chars(): label_widget.set_tooltip_text(text) label_widget.set_text(text) - + def hydrate(self): self.editable = [] + self.old_comment = "" + self.old_how_to_reproduce = "" for item in self.report: - if item == "backtrace": + try: + log2("report[%s]:%s/%s/%s", item, self.report[item][0], self.report[item][1], self.report[item][2][0:20]) + except: + pass + + if item == FILENAME_BACKTRACE: buff = gtk.TextBuffer() tvBacktrace = self.builder.get_object("tvBacktrace") buff.set_text(self.report[item][CD_CONTENT]) tvBacktrace.set_buffer(buff) continue - if item == "Comment": - buff = gtk.TextBuffer() - comment = _("Brief description how to reproduce this or what you did...") + + if item == FILENAME_COMMENT: try: if self.report[item][CD_CONTENT]: - comment = self.report[item][CD_CONTENT] - self.comment_changed = True + self.old_comment = self.report[item][CD_CONTENT] except Exception, e: pass - - buff.set_text(comment) - - self.tvComment.set_buffer(buff) continue - if item == "How to reproduce": - buff = gtk.TextBuffer() - how_to_reproduce = _("") + + if item == FILENAME_REPRODUCE: try: if self.report[item][CD_CONTENT]: - how_to_reproduce = self.report[item][CD_CONTENT] - self.how_to_changed = True + self.old_how_to_reproduce = self.report[item][CD_CONTENT] except Exception, e: pass + continue - buff.set_text(how_to_reproduce) + if self.report[item][CD_TYPE] == CD_SYS: + continue - self.tevHowToReproduce.set_buffer(buff) + # item name 0| value 1| editable? 2| toggled? 3| visible?(attachment)4 + # FIXME: handle editable fields + if self.report[item][CD_TYPE] == CD_BIN: + self.builder.get_object("fAttachment").show() + vbAttachments = self.builder.get_object("vbAttachments") + toggle = gtk.CheckButton(self.report[item][CD_CONTENT]) + vbAttachments.pack_start(toggle) + # bind item to checkbox + toggle.item = item + toggle.show() continue - if self.report[item][CD_TYPE] != CD_SYS: - # item name 0| value 1| editable? 2| toggled? 3| visible?(attachment)4 - # FIXME: handle editable fields - if self.report[item][CD_TYPE] == CD_BIN: - self.builder.get_object("fAttachment").show() - vbAttachments = self.builder.get_object("vbAttachments") - toggle = gtk.CheckButton(self.report[item][CD_CONTENT]) - vbAttachments.pack_start(toggle) - # bind item to checkbox - toggle.item = item - toggle.show() - continue - item_label = self.builder.get_object("l%s" % item) - if item_label: - self.set_label(item_label, self.report[item][CD_CONTENT]) - else: - # no widget to show this item - # probably some new item need to adjust the GUI! - # FIXME: add some window+button to show all the info - # in raw form (smth like the old report dialog) - pass + # It must be CD_TXT field + item_label = self.builder.get_object("l%s" % item) + if item_label: + self.set_label(item_label, self.report[item][CD_CONTENT]) + else: + # no widget to show this item + # probably some new item need to adjust the GUI! + # FIXME: add some window+button to show all the info + # in raw form (smth like the old report dialog) + pass + #end for + + buff = gtk.TextBuffer() + self.show_hint_comment = (self.old_comment == "") + if self.show_hint_comment: + buff.set_text(_("Brief description how to reproduce this or what you did...")) + else: + buff.set_text(self.old_comment) + self.tvComment.set_buffer(buff) + buff = gtk.TextBuffer() + buff.set_text(self.old_how_to_reproduce) + self.tevHowToReproduce.set_buffer(buff) def dehydrate(self): # handle attachments @@ -271,23 +277,22 @@ class ReporterDialog(): for attachment in vbAttachments.get_children(): #print "%s file %s" % (["not sending","sending"][attachment.get_active()], attachment.get_label()) del self.report[attachment.item] - + # handle comment - if self.comment_changed: - buff = self.tvComment.get_buffer() - self.report["Comment"] = [CD_TXT, 'y', buff.get_text(buff.get_start_iter(),buff.get_end_iter())] - else: - del self.report["Comment"] + buff = self.tvComment.get_buffer() + text = buff.get_text(buff.get_start_iter(), buff.get_end_iter()) + if self.old_comment != text: + self.report[FILENAME_COMMENT] = [CD_TXT, 'y', text] # handle how to reproduce - if self.how_to_changed: - buff = self.tevHowToReproduce.get_buffer() - self.report["How to reproduce"] = [CD_TXT, 'y', buff.get_text(buff.get_start_iter(),buff.get_end_iter())] - else: - del self.report["How to reproduce"] + buff = self.tevHowToReproduce.get_buffer() + text = buff.get_text(buff.get_start_iter(), buff.get_end_iter()) + if self.old_how_to_reproduce != text: + self.report[FILENAME_REPRODUCE] = [CD_TXT, 'y', text] #handle backtrace tev_backtrace = self.builder.get_object("tvBacktrace") buff = tev_backtrace.get_buffer() - self.report["backtrace"] = [CD_TXT, 'y', buff.get_text(buff.get_start_iter(),buff.get_end_iter())] + text = buff.get_text(buff.get_start_iter(), buff.get_end_iter()) + self.report[FILENAME_BACKTRACE] = [CD_TXT, 'y', text] def check_report(self): # FIXME: check the report for passwords and some other potentially @@ -299,4 +304,3 @@ class ReporterDialog(): result = self.window.run() self.window.destroy() return (result, self.report) - |