Diffstat (limited to 'libmat2/abstract.py')
| -rw-r--r-- | libmat2/abstract.py | 6 |
1 files changed, 6 insertions, 0 deletions
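--- a/libmat2/abstract.py
+++ b/libmat2/abstract.py
@@ -1,5 +1,6 @@
 import abc
 import os
+import re
 from typing import Set, Dict, Union
 
 assert Set # make pyflakes happy
@@ -17,6 +18,11 @@ class AbstractParser(abc.ABC):
 """
 :raises ValueError: Raised upon an invalid file
 """
+if re.search('^[a-z0-9./]', filename) is None:
+# Some parsers are calling external binaries,
+# this prevents shell command injections
+filename = os.path.join('.', filename)
+
 self.filename = filename
 fname, extension = os.path.splitext(filename)
 self.output_filename = fname + '.cleaned' + extension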
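Review bot: The comment on the added `re.search('^[a-z0-9./]', filename)` guard in the second hunk overstates what the guard does: prefixing `./` only keeps an external binary from reading the file name as a command-line option (a leading `-`, for instance), and it does nothing about characters later in the name. It therefore protects only if the parsers launch those binaries with an argument list and no shell, which this hunk does not show and should be confirmed in the subclasses. I would reword the comment to `# Prefix './' so external binaries cannot mistake the name for an option; callers must still not go through a shell`. The character class also accepts only lowercase first characters, so a name such as `Photo.jpg` becomes `./Photo.jpg` and the derived `output_filename` changes with it, which is probably harmless but worth stating in the comment. The enclosing method's signature lies outside the hunk.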
