From 321b024daee08992495a80e2f998a5913c5b0a49 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sat, 25 Jun 2011 19:06:55 +0200
Subject: Add a binding to shred. Rudimentary protection against shell
 injection.

---
 lib/parser.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'lib/parser.py')

diff --git a/lib/parser.py b/lib/parser.py
index 12ef15a..c7e189e 100644
--- a/lib/parser.py
+++ b/lib/parser.py
@@ -7,7 +7,7 @@ import hachoir_parser
 import hachoir_editor
 import sys
 import os
-import shutil
+import subprocess
 
 POSTFIX = ".cleaned"
 
@@ -23,10 +23,9 @@ class Generic_parser():
         '''
             securely remove the file
         '''
-        #FIXME : not secure at all !
+        #FIXME : Vulnerable to shell injection ?
         try:
-            shutil.rmtree(self.filename)
-            #shutil.subprocess('shutil' , '--remove', 'self.filename')
+            subprocess.call('shred --remove %s' % self.filename, shell=True)
         except:
             print('Unable to remove %s' % self.filename)
 
-- 
cgit v1.3