Pr1118 #421
Merged
Pr1118 #421
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
KT-lcz
reviewed
Nov 27, 2025
Replaced direct `system()` calls with `QProcess`-based execution in `application/utils.cpp` and `opsLogViewerService/opslogexport.cpp`. Introduced `executCmd`, `parseCombinedArgString`, `appendToFile`, `grepA`, `appendToFileWithGrepA`, `getPhysicalInterfaces`, and `expandPathWithWildcardIterator` for safer and more flexible command and file operations. This mitigates shell injection risks and improves handling of command arguments and wildcard paths. Task: https://pms.uniontech.com/task-view-381443.html
Refactor CMake files to: - Remove redundant C++ standard version flags. - Correctly apply security hardening linker flags by using CMAKE_EXE_LINKER_FLAGS and string(APPEND). - Adjust the installation path for coredump reporter systemd user services. Update Debian packaging rules: - Migrate from debhelper to debhelper-compat (= 11) in debian/control. - Remove the debian/compat file.
…ation
- Coredump Reporter Service:
- Migrated coredump-reporter.service and coredump-reporter.timer installation from user-specific systemd/user to system-wide systemd/system.
- Removed debian/deepin-log-viewer.postinst as the service is now managed globally.
- Hardened coredump-reporter.service with User=root, ProtectSystem=strict, InaccessiblePaths for sensitive directories, and MemoryMax to improve security and resource management.
- D-Bus Service Authorization:
- Replaced the generic isValidInvoker function with specific checkAuth calls using action IDs (s_Action_View, s_Action_Export) in LogViewerService.
- Removed the isValidInvoker function and its declaration, streamlining the authorization logic.
Replaced the manual creation and deletion of the temporary directory for operational logs with QTemporaryDir. QTemporaryDir provides a more robust and safer mechanism for handling temporary files and directories. Task: https://pms.uniontech.com/task-view-381443.html
deepin pr auto review我来对这次代码变更进行审查:
a) 在 opslogexport.cpp 中: static int executCmd(const char *strCmd, const char *outputFile = nullptr, const QString &pattern = "", int afterLines = -1)建议:
b) 在 logviewerservice.cpp 中: bool LogViewerService::checkAuthorization(const QString &actionId)建议:
c) 在 utils.cpp 中: static void appendToFile(const QString &filePath, const QByteArray &content)建议:
总体来说,这次代码变更在安全性、代码组织结构等方面都有明显改进,但在错误处理和日志记录方面还有优化空间。 |
Contributor
Author
|
/merge |
Contributor
|
This pr cannot be merged! (status: blocked) |
lzwind
approved these changes
Nov 27, 2025
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: lzwind, wangrong1069 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Contributor
Author
|
/merge |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.