-
Notifications
You must be signed in to change notification settings - Fork 43
feat(storage): add MMC storage vendor identification via sysfs #700
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,11 +12,13 @@ | |
|
|
||
| // 其它头文件 | ||
| #include <QString> | ||
| #include <QMap> | ||
|
Check warning on line 15 in deepin-devicemanager/src/commonfunction.cpp
|
||
| #include <QProcess> | ||
|
Check warning on line 16 in deepin-devicemanager/src/commonfunction.cpp
|
||
| #include <QFile> | ||
|
Check warning on line 17 in deepin-devicemanager/src/commonfunction.cpp
|
||
| #include <QFileInfo> | ||
|
Check warning on line 18 in deepin-devicemanager/src/commonfunction.cpp
|
||
| #include <QDir> | ||
|
Check warning on line 19 in deepin-devicemanager/src/commonfunction.cpp
|
||
| #include <QLoggingCategory> | ||
|
Check warning on line 20 in deepin-devicemanager/src/commonfunction.cpp
|
||
| #include <QRegularExpression> | ||
|
Check warning on line 21 in deepin-devicemanager/src/commonfunction.cpp
|
||
|
|
||
| #include <sys/utsname.h> | ||
| #include <cmath> | ||
|
|
@@ -394,3 +396,57 @@ | |
| // 4. Return original string if no known suffix matches | ||
| return speed; | ||
| } | ||
|
|
||
| /** | ||
| * 安全读取sysfs下指定文件内容 | ||
| * @param baseDir 根目录 /sys/xxx/mmc0:0001 | ||
| * @param fileName 待读取的文件名 | ||
| * @return 文件原始字符串(去换行空格) | ||
| */ | ||
| QString Common::safeReadSysFsFile(const QString &baseDir, const QString &fileName, QString &errOut) | ||
| { | ||
| errOut.clear(); | ||
|
|
||
| if (!baseDir.startsWith("/sys/") && baseDir != "/sys") { | ||
| errOut = QString("baseDir not under /sys: %1").arg(baseDir); | ||
| return ""; | ||
| } | ||
| if (baseDir.contains("..")) { | ||
| errOut = QString("Path traversal detected in baseDir: %1").arg(baseDir); | ||
| return ""; | ||
| } | ||
|
|
||
| if (fileName.contains('/') || fileName.contains("..") || fileName.contains('\\')) { | ||
| errOut = QString("Path traversal detected in fileName: %1").arg(fileName); | ||
| return ""; | ||
| } | ||
|
|
||
| QFileInfo fullPathInfo(QDir(baseDir), fileName); | ||
| QString fullPath = fullPathInfo.canonicalFilePath(); | ||
|
|
||
| if (!fullPath.startsWith("/sys/")) | ||
| { | ||
| errOut = QString("Path escape to non-sys dir: %1").arg(fullPath); | ||
| return ""; | ||
| } | ||
|
|
||
| if (!fullPathInfo.isFile() || fullPathInfo.isSymLink()) | ||
| { | ||
| errOut = QString("Not a regular file or symlink: %1").arg(fullPath); | ||
|
Comment on lines
+433
to
+435
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. issue (bug_risk): Logic and message around regular file vs symlink are inconsistent and may reject valid sysfs paths The condition To allow both, invert the logic: if (!fullPathInfo.isFile() && !fullPathInfo.isSymLink()) {
errOut = QString("Not a regular file or symlink: %1").arg(fullPath);
return "";
}If symlinks are meant to be disallowed, adjust the error message to match that behavior instead. |
||
| return ""; | ||
| } | ||
|
|
||
| QFile file(fullPath); | ||
| if (!file.open(QIODevice::ReadOnly)) | ||
| { | ||
| errOut = QString("Open failed: %1, err=%2").arg(fullPath, file.errorString()); | ||
| return ""; | ||
| } | ||
|
|
||
| const qint64 MAX_READ_LEN = 64; | ||
| QByteArray rawData = file.read(MAX_READ_LEN); | ||
| file.close(); | ||
|
|
||
| QString content = QString::fromUtf8(rawData).trimmed(); | ||
| return content; | ||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
issue (bug_risk): Removing "0x" this way will also strip any '0' and 'x' characters inside the ID
cleanId.remove("0x")removes all occurrences of that substring, not just a leading prefix, so IDs containing0xin the middle will be corrupted (e.g."0x10x1b"→"11b"), breaking lookups. Restrict this to a leading prefix only, e.g.:Apply the same fix to
getOemName.