On 12/28/20 3:15 PM, Matt Turner wrote: > +def apply_keyword_changes(ebuild: str, pathname: str, > + changes: List[Tuple[Optional[str], > + Optional[str]]]) -> int: > + result: int = 0 > + > + # ekeyword will only modify files named *.ebuild, so make a symlink > + ebuild_symlink: str = os.path.basename(pathname) > + os.symlink(ebuild, ebuild_symlink)
Are we sure that the current working directory is an entirely safe place to create this symlink? A simple fix would be to use tempfile.TemporaryDirectory to create a temporary directory to hold the symlink. Or, we could change ekeyword to assume that an argument is an ebuild if os.path.isfile(arg) succeeds. > + for removals, additions in changes: > + args = [] > + for rem in removals: > + # Drop leading '~' and '-' characters and prepend '^' > + i = 1 if rem[0] in ('~', '-') else 0 > + args.append('^' + rem[i:]) > + if additions: > + args.extend(additions) > + args.append(ebuild_symlink) > + > + result = ekeyword.main(args) > + if result != 0: > + break > + > + os.remove(ebuild_symlink) > + return result -- Thanks, Zac
signature.asc
Description: OpenPGP digital signature