Trac #8674: sanity-check bundle root; don't delete install_root on failure.

The software updater was deleting ~/Activities when it encountered a bad bundle. Two separate issues: we didn't sanity check the bundle root to ensure it wasn't '.' or '..' or something crazy like that, and our "clean up on failure" code was deleting the install_root instead of the activity root (!). This was a regression introduced by the fix for #7733 in commit db2d1c42e2481d6dbc15405840ac23e46eab7318 (0.82.2).
16 years ago · 897428c794
parent 404a7b546a
commit 897428c794
1 changed files with 5 additions and 1 deletions
--- a/src/sugar/bundle/bundle.py
+++ b/src/sugar/bundle/bundle.py
@ -86,6 +86,9 @@ class Bundle:
            del file_names[0]

        self._zip_root_dir = file_names[0].split('/')[0]
+        if self._zip_root_dir.startswith('.'):
+            raise MalformedBundleException(
+                'root directory starts with .')
        if self._unzipped_extension is not None:
            (name_, ext) = os.path.splitext(self._zip_root_dir)
            if ext != self._unzipped_extension:
@ -162,7 +165,8 @@ class Bundle:
        if os.spawnlp(os.P_WAIT, 'unzip', 'unzip', '-o', self._path,
                      '-x', 'mimetype', '-d', install_dir):
            # clean up install dir after failure
-            shutil.rmtree(install_dir, ignore_errors=True)
+            shutil.rmtree(os.path.join(install_dir, self._zip_root_dir),
+                          ignore_errors=True)
            # indicate failure.
            raise ZipExtractException