From ea347093c2658f4bf49ebe2cdecbef3780ad8f6e Mon Sep 17 00:00:00 2001 From: tecnovert Date: Mon, 3 Jan 2022 13:23:02 +0200 Subject: [PATCH] Always use subprocess without shell --- basicswap/base.py | 19 ++++++++++++------- basicswap/rpc.py | 12 +++++++++--- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/basicswap/base.py b/basicswap/base.py index 340d149..2f2cd60 100644 --- a/basicswap/base.py +++ b/basicswap/base.py @@ -5,6 +5,7 @@ # file LICENSE or http://www.opensource.org/licenses/mit-license.php. import os +import shlex import logging import threading import subprocess @@ -108,10 +109,11 @@ class BaseApp: def calltx(self, cmd): bindir = self.coin_clients[Coins.PART]['bindir'] - command_tx = os.path.join(bindir, cfg.PARTICL_TX) - chainname = '' if self.chain == 'mainnet' else (' -' + self.chain) - args = command_tx + chainname + ' ' + cmd - p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) + args = [os.path.join(bindir, cfg.PARTICL_TX), ] + if self.chain != 'mainnet': + args.append('-' + self.chain) + args += shlex.split(cmd) + p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) out = p.communicate() if len(out[1]) > 0: raise ValueError('TX error ' + str(out[1])) @@ -121,9 +123,12 @@ class BaseApp: bindir = self.coin_clients[coin_type]['bindir'] datadir = self.coin_clients[coin_type]['datadir'] command_cli = os.path.join(bindir, chainparams[coin_type]['name'] + '-cli' + ('.exe' if os.name == 'nt' else '')) - chainname = '' if self.chain == 'mainnet' else (' -' + self.chain) - args = command_cli + chainname + ' ' + '-datadir=' + datadir + ' ' + params - p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) + args = [command_cli, ] + if self.chain != 'mainnet': + args.append('-' + self.chain) + args.append('-datadir=' + datadir) + args += shlex.split(params) + p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) out = p.communicate(timeout=timeout) if len(out[1]) > 0: raise ValueError('CLI error ' + str(out[1])) diff --git a/basicswap/rpc.py b/basicswap/rpc.py index 2fcd641..f860a62 100644 --- a/basicswap/rpc.py +++ b/basicswap/rpc.py @@ -1,12 +1,13 @@ # -*- coding: utf-8 -*- -# Copyright (c) 2020 tecnovert +# Copyright (c) 2020-2022 tecnovert # Distributed under the MIT software license, see the accompanying # file LICENSE or http://www.opensource.org/licenses/mit-license.php. import os import time import json +import shlex import urllib import logging import traceback @@ -129,8 +130,13 @@ def openrpc(rpc_port, auth, wallet=None, host='127.0.0.1'): def callrpc_cli(bindir, datadir, chain, cmd, cli_bin='particl-cli'): cli_bin = os.path.join(bindir, cli_bin) - args = cli_bin + ('' if chain == 'mainnet' else (' -' + chain)) + ' -datadir=' + datadir + ' ' + cmd - p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) + args = [cli_bin, ] + if chain != 'mainnet': + args.append('-' + chain) + args.append('-datadir=' + datadir) + args += shlex.split(cmd) + + p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) out = p.communicate() if len(out[1]) > 0: