1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
|
From fdd7c47c85d5d6dbf21e05e7a0d6afcf383f1d24 Mon Sep 17 00:00:00 2001
From: Ahmad Samir <a.samirh78@gmail.com>
Date: Tue, 15 Sep 2020 20:06:49 +0200
Subject: [PATCH] OpenUrlJob: handle all text scripts consistently
Previously we only handled application/x-shellscript, but there are other
scripts; a script is technically a file that inherits both text/plain and
application/x-executable, e.g. .sh, .csh, .py, perl scripts ...etc. Treat
all those mime types the way we handled shell scripts:
- if it's not a local url, or isn't executable we open it in the preferred
text editor
- if it's executable either show the OpenOrExecute dialog or execute
directly depending on how the job is configured
The mimetype world is a confusing one:
- Executables, this includes .exe files (MS Windows); and "application/x-executable"
and "application/x-sharedlib", this depends on various parameters (e.g.
stripped executables are x-sharedlib, the same executable if not stripped
is x-executable...)
- Scripts: shell, python, perl... etc scripts, which are text files that
can be executed or opened as text.
Adjust the unit test.
BUG: 425829
BUG: 425177
FIXED-IN: 5.75
---
autotests/openurljobtest.cpp | 56 +++++++++++++++++++++++--------
autotests/openurljobtest.h | 2 ++
src/gui/openurljob.cpp | 65 ++++++++++++++++++++++--------------
3 files changed, 85 insertions(+), 38 deletions(-)
diff --git a/autotests/openurljobtest.cpp b/autotests/openurljobtest.cpp
index 2f2ef8ad..ed2211a8 100644
--- a/autotests/openurljobtest.cpp
+++ b/autotests/openurljobtest.cpp
@@ -103,14 +103,13 @@ void OpenUrlJobTest::initTestCase()
KConfigGroup grp = mimeAppsCfg.group("Default Applications");
grp.writeEntry("text/plain", s_tempServiceName);
grp.writeEntry("text/html", s_tempServiceName);
- grp.writeEntry("application/x-shellscript", s_tempServiceName);
grp.sync();
- for (const char *mimeType : {"text/plain", "application/x-shellscript"}) {
- KService::Ptr preferredTextEditor = KApplicationTrader::preferredService(QString::fromLatin1(mimeType));
- QVERIFY(preferredTextEditor);
- QCOMPARE(preferredTextEditor->entryPath(), m_fakeService);
- }
+
+ // "text/plain" encompasses all scripts (shell, python, perl)
+ KService::Ptr preferredTextEditor = KApplicationTrader::preferredService(QStringLiteral("text/plain"));
+ QVERIFY(preferredTextEditor);
+ QCOMPARE(preferredTextEditor->entryPath(), m_fakeService);
// As used for preferredService
QVERIFY(KService::serviceByDesktopName("openurljobtest_service"));
@@ -230,17 +229,38 @@ void OpenUrlJobTest::invalidUrl()
QCOMPARE(job2->errorString(), QStringLiteral("Malformed URL\n/pathonly"));
}
+void OpenUrlJobTest::refuseRunningNativeExecutables_data()
+{
+ QTest::addColumn<QString>("mimeType");
+
+ // Executables under e.g. /usr/bin/ can be either of these two mimetypes
+ // see https://gitlab.freedesktop.org/xdg/shared-mime-info/-/issues/11
+ QTest::newRow("x-sharedlib") << "application/x-sharedlib";
+ QTest::newRow("x-executable") << "application/x-executable";
+}
+
void OpenUrlJobTest::refuseRunningNativeExecutables()
{
- KIO::OpenUrlJob *job = new KIO::OpenUrlJob(QUrl::fromLocalFile(QCoreApplication::applicationFilePath()), QStringLiteral("application/x-executable"), this);
+ QFETCH(QString, mimeType);
+
+ KIO::OpenUrlJob *job = new KIO::OpenUrlJob(QUrl::fromLocalFile(QCoreApplication::applicationFilePath()), mimeType, this);
QVERIFY(!job->exec());
QCOMPARE(job->error(), KJob::UserDefinedError);
QVERIFY2(job->errorString().contains("For security reasons, launching executables is not allowed in this context."), qPrintable(job->errorString()));
}
+void OpenUrlJobTest::refuseRunningRemoteNativeExecutables_data()
+{
+ QTest::addColumn<QString>("mimeType");
+ QTest::newRow("x-sharedlib") << "application/x-sharedlib";
+ QTest::newRow("x-executable") << "application/x-executable";
+}
+
void OpenUrlJobTest::refuseRunningRemoteNativeExecutables()
{
- KIO::OpenUrlJob *job = new KIO::OpenUrlJob(QUrl("protocol://host/path/exe"), QStringLiteral("application/x-executable"), this);
+ QFETCH(QString, mimeType);
+
+ KIO::OpenUrlJob *job = new KIO::OpenUrlJob(QUrl("protocol://host/path/exe"), mimeType, this);
job->setRunExecutables(true); // even with this enabled, an error will occur
QVERIFY(!job->exec());
QCOMPARE(job->error(), KJob::UserDefinedError);
@@ -273,8 +293,11 @@ void OpenUrlJobTest::runScript_data()
{
QTest::addColumn<QString>("mimeType");
+ // All text-based scripts inherit text/plain and application/x-executable, no need to test
+ // all flavours (python, perl, lua, awk ...etc), this sample should be enough
QTest::newRow("shellscript") << "application/x-shellscript";
- QTest::newRow("native") << "application/x-executable";
+ QTest::newRow("pythonscript") << "text/x-python";
+ QTest::newRow("javascript") << "application/javascript";
}
void OpenUrlJobTest::runScript()
@@ -305,16 +328,23 @@ void OpenUrlJobTest::runScript()
void OpenUrlJobTest::runNativeExecutable_data()
{
+ QTest::addColumn<QString>("mimeType");
QTest::addColumn<bool>("withHandler");
QTest::addColumn<bool>("handlerRetVal");
- QTest::newRow("no_handler") << false << false;
- QTest::newRow("handler_false") << true << false;
- QTest::newRow("handler_true") << true << true;
+ QTest::newRow("no_handler_x-sharedlib") << "application/x-sharedlib" << false << false;
+ QTest::newRow("handler_false_x-sharedlib") << "application/x-sharedlib" << true << false;
+ QTest::newRow("handler_true_x-sharedlib") << "application/x-sharedlib" << true << true;
+
+ QTest::newRow("no_handler_x-executable") << "application/x-executable" << false << false;
+ QTest::newRow("handler_false_x-executable") << "application/x-executable" << true << false;
+ QTest::newRow("handler_true_x-executable") << "application/x-executable" << true << true;
+
}
void OpenUrlJobTest::runNativeExecutable()
{
+ QFETCH(QString, mimeType);
QFETCH(bool, withHandler);
QFETCH(bool, handlerRetVal);
@@ -335,7 +365,7 @@ void OpenUrlJobTest::runNativeExecutable()
KIO::setDefaultUntrustedProgramHandler(withHandler ? &s_handler : nullptr);
// When using OpenUrlJob to run the executable
- KIO::OpenUrlJob *job = new KIO::OpenUrlJob(QUrl::fromLocalFile(scriptFile), QStringLiteral("application/x-executable"), this);
+ KIO::OpenUrlJob *job = new KIO::OpenUrlJob(QUrl::fromLocalFile(scriptFile), mimeType, this);
job->setRunExecutables(true); // startProcess tests the case where this isn't set
const bool success = job->exec();
diff --git a/autotests/openurljobtest.h b/autotests/openurljobtest.h
index e71987d9..f5b9a5be 100644
--- a/autotests/openurljobtest.h
+++ b/autotests/openurljobtest.h
@@ -26,7 +26,9 @@ private Q_SLOTS:
void noServiceNoHandler();
void invalidUrl();
+ void refuseRunningNativeExecutables_data();
void refuseRunningNativeExecutables();
+ void refuseRunningRemoteNativeExecutables_data();
void refuseRunningRemoteNativeExecutables();
void notAuthorized();
void runScript_data();
diff --git a/src/gui/openurljob.cpp b/src/gui/openurljob.cpp
index 8ac187b4..3e35c95c 100644
--- a/src/gui/openurljob.cpp
+++ b/src/gui/openurljob.cpp
@@ -73,9 +73,9 @@ public:
private:
void executeCommand();
- void handleExecutables(const QMimeType &mimeType);
+ void handleBinaries(const QMimeType &mimeType);
void handleDesktopFiles();
- void handleShellscripts();
+ void handleScripts();
void openInPreferredApp();
void runLink(const QString &filePath, const QString &urlStr, const QString &optionalServiceName);
@@ -439,14 +439,29 @@ void KIO::OpenUrlJobPrivate::emitAccessDenied()
q->emitResult();
}
-// was: KRun::isExecutable (minus application/x-desktop and application/x-shellscript mimetypes).
+// was: KRun::isExecutable (minus application/x-desktop mimetype).
// Feel free to make public if needed.
-static bool isExecutableMime(const QMimeType &mimeType)
+static bool isBinary(const QMimeType &mimeType)
{
- return (mimeType.inherits(QStringLiteral("application/x-executable")) ||
- /* e.g. /usr/bin/ls, see https://gitlab.freedesktop.org/xdg/shared-mime-info/-/issues/11 */
- mimeType.inherits(QStringLiteral("application/x-sharedlib")) ||
- mimeType.inherits(QStringLiteral("application/x-ms-dos-executable")));
+ // - Binaries could be e.g.:
+ // - application/x-executable
+ // - application/x-sharedlib e.g. /usr/bin/ls, see
+ // https://gitlab.freedesktop.org/xdg/shared-mime-info/-/issues/11
+ //
+ // - Mimetypes that inherit application/x-executable _and_ text/plain are scripts, these are
+ // handled by handleScripts()
+
+ return (mimeType.inherits(QStringLiteral("application/x-executable"))
+ || mimeType.inherits(QStringLiteral("application/x-sharedlib"))
+ || mimeType.inherits(QStringLiteral("application/x-ms-dos-executable")));
+}
+
+// Helper function that returns whether a file is a text-based script
+// e.g. ".sh", ".csh", ".py", ".js"
+static bool isTextScript(const QMimeType &mimeType)
+{
+ return (mimeType.inherits(QStringLiteral("application/x-executable"))
+ && mimeType.inherits(QStringLiteral("text/plain")));
}
// Helper function that returns whether a file has the execute bit set or not.
@@ -456,7 +471,7 @@ static bool hasExecuteBit(const QString &fileName)
}
// Handle native binaries (.e.g. /usr/bin/*); and .exe files
-void KIO::OpenUrlJobPrivate::handleExecutables(const QMimeType &mimeType)
+void KIO::OpenUrlJobPrivate::handleBinaries(const QMimeType &mimeType)
{
if (!KAuthorized::authorize(QStringLiteral("shell_access"))) {
emitAccessDenied();
@@ -475,11 +490,9 @@ void KIO::OpenUrlJobPrivate::handleExecutables(const QMimeType &mimeType)
const QString localPath = m_url.toLocalFile();
- // Check whether file is an executable script
-#ifdef Q_OS_WIN
- const bool isNativeBinary = !mimeType.inherits(QStringLiteral("text/plain"));
-#else
- const bool isNativeBinary = !mimeType.inherits(QStringLiteral("text/plain")) && !mimeType.inherits(QStringLiteral("application/x-ms-dos-executable"));
+ bool isNativeBinary = true;
+#ifndef Q_OS_WIN
+ isNativeBinary = !mimeType.inherits(QStringLiteral("application/x-ms-dos-executable"));
#endif
if (m_showOpenOrExecuteDialog) {
@@ -497,6 +510,8 @@ void KIO::OpenUrlJobPrivate::handleExecutables(const QMimeType &mimeType)
}
};
+ // Ask the user for confirmation before executing this binary (for binaries
+ // the dialog will only show Execute/Cancel)
showOpenOrExecuteFileDialog(dialogFinished);
return;
}
@@ -601,15 +616,15 @@ void KIO::OpenUrlJobPrivate::runUrlWithMimeType()
return;
}
- // Shell scripts
- if (mimeType.inherits(QStringLiteral("application/x-shellscript"))) {
- handleShellscripts();
+ // Scripts (e.g. .sh, .csh, .py, .js)
+ if (isTextScript(mimeType)) {
+ handleScripts();
return;
}
- // Binaries (e.g. /usr/bin/konsole) and .exe files
- if (isExecutableMime(mimeType)) {
- handleExecutables(mimeType);
+ // Binaries (e.g. /usr/bin/{konsole,ls}) and .exe files
+ if (isBinary(mimeType)) {
+ handleBinaries(mimeType);
return;
}
@@ -677,8 +692,9 @@ void KIO::OpenUrlJobPrivate::handleDesktopFiles()
openInPreferredApp();
}
-void KIO::OpenUrlJobPrivate::handleShellscripts()
+void KIO::OpenUrlJobPrivate::handleScripts()
{
+ // Executable scripts of any type can run arbitrary shell commands
if (!KAuthorized::authorize(QStringLiteral("shell_access"))) {
emitAccessDenied();
return;
@@ -687,8 +703,7 @@ void KIO::OpenUrlJobPrivate::handleShellscripts()
const bool isLocal = m_url.isLocalFile();
const QString localPath = m_url.toLocalFile();
if (!isLocal || !hasExecuteBit(localPath)) {
- // Open remote shell scripts or ones without the execute bit, with the
- // default application
+ // Open remote scripts or ones without the execute bit, with the default application
openInPreferredApp();
return;
}
@@ -706,7 +721,7 @@ void KIO::OpenUrlJobPrivate::handleShellscripts()
return;
}
- if (m_runExecutables) { // Local executable shell script, proceed
+ if (m_runExecutables) { // Local executable script, proceed
executeCommand();
} else { // Open in the default (text editor) app
openInPreferredApp();
@@ -767,7 +782,7 @@ void KIO::OpenUrlJobPrivate::showOpenOrExecuteFileDialog(std::function<void(bool
if (!s_openOrExecuteFileHandler) {
// No way to ask the user whether to execute or open
- if (mimeType.inherits(QStringLiteral("application/x-shellscript"))
+ if (isTextScript(mimeType)
|| mimeType.inherits(QStringLiteral("application/x-desktop"))) { // Open text-based ones in the default app
openInPreferredApp();
} else {
--
GitLab
|
GitWeb