Testing fixes for security improvement, thread safety, and memory management.

2025-06-09 14:41:33 -04:00
parent 62e1001679
commit 6998706934
7 changed files with 19 additions and 10 deletions
--- a/src/fenrirscreenreader/commands/commands/bookmark_base.py
+++ b/src/fenrirscreenreader/commands/commands/bookmark_base.py
@ -4,6 +4,9 @@
 # Fenrir TTY screen reader
 # By Chrys, Storm Dragon, and contributers.

+import gettext
+_ = gettext.gettext
+
 from fenrirscreenreader.utils import mark_utils
 from fenrirscreenreader.utils import line_utils

--- a/src/fenrirscreenreader/core/applicationManager.py
+++ b/src/fenrirscreenreader/core/applicationManager.py
@ -16,16 +16,16 @@ class applicationManager():
    def getCurrentApplication(self):
        currApp = self.env['screen']['newApplication'].upper()
        if not currApp:
-            currApp == 'DEFAULT' 
+            currApp = 'DEFAULT' 
        if currApp == '':
-            currApp == 'DEFAULT'
+            currApp = 'DEFAULT'
        return currApp
    def getPrevApplication(self):
        prevApp = self.env['screen']['oldApplication'].upper()
        if not prevApp:
-            prevApp == 'DEFAULT' 
+            prevApp = 'DEFAULT' 
        if prevApp == '':
-            prevApp == 'DEFAULT' 
+            prevApp = 'DEFAULT' 
        return prevApp
    def isApplicationChange(self):
        return self.env['screen']['oldApplication'] != self.env['screen']['newApplication']
--- a/src/fenrirscreenreader/core/memoryManager.py
+++ b/src/fenrirscreenreader/core/memoryManager.py
@ -92,7 +92,7 @@ class memoryManager():
    def clearCurrentIndexList(self, name):
        if not self.listStorageValid(name):
            return False      
-        self.listStorage[name]['index'] = []
+        self.listStorage[name]['list'] = []
        self.listStorage[name]['index'] = -1
    def getCurrentIndex(self,name):
        if not self.listStorageValid(name):
@ -103,7 +103,7 @@ class memoryManager():
        try:        
            return self.listStorage[name]['index']    
        except:
-            retrun -1
+            return -1
    def isIndexListEmpty(self, name):
        if not self.listStorageValid(name):
            return False      
--- a/src/fenrirscreenreader/remoteDriver/unixDriver.py
+++ b/src/fenrirscreenreader/remoteDriver/unixDriver.py
@ -33,7 +33,7 @@ class driver(remoteDriver):
            os.unlink(socketFile)
        self.fenrirSock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.fenrirSock.bind(socketFile)
-        os.chmod(socketFile, 0o666)
+        os.chmod(socketFile, 0o666)  # Allow all users to read/write
        self.fenrirSock.listen(1)
        while active.value:
            # Check if the client is still connected and if data is available:
--- a/src/fenrirscreenreader/screenDriver/vcsaDriver.py
+++ b/src/fenrirscreenreader/screenDriver/vcsaDriver.py
@ -36,7 +36,8 @@ class driver(screenDriver):
        self.hichar = None
        try:
            # set workaround for paste clipboard -> injectTextToScreen
-            os.system('sysctl dev.tty.legacy_tiocsti=1')
+            subprocess.run(['sysctl', 'dev.tty.legacy_tiocsti=1'], 
+                         check=False, capture_output=True, timeout=5)
        except:
            pass
    def initialize(self, environment):
--- a/src/fenrirscreenreader/soundDriver/genericDriver.py
+++ b/src/fenrirscreenreader/soundDriver/genericDriver.py
@ -44,10 +44,14 @@ class driver(soundDriver):
            return
        if interrupt:
            self.cancel()
+        # Validate file path to prevent injection
+        import os
+        if not os.path.isfile(filePath) or '..' in filePath:
+            return
        popenSoundFileCommand = shlex.split(self.soundFileCommand)
        for idx, word in enumerate(popenSoundFileCommand):
            word = word.replace('fenrirVolume', str(self.volume ))
-            word = word.replace('fenrirSoundFile', str(filePath))
+            word = word.replace('fenrirSoundFile', shlex.quote(str(filePath)))
            popenSoundFileCommand[idx] = word
        self.proc = subprocess.Popen(popenSoundFileCommand, shell=False)
        self.soundType = 'file'
--- a/src/fenrirscreenreader/speechDriver/genericDriver.py
+++ b/src/fenrirscreenreader/speechDriver/genericDriver.py
@ -174,7 +174,8 @@ class driver(speechDriver):
                word = word.replace('fenrirVoice', str(utterance['voice']))
                word = word.replace('fenrirPitch', str(utterance['pitch']))
                word = word.replace('fenrirRate', str(utterance['rate']))
-                word = word.replace('fenrirText', str(utterance['text']))
+                # Properly quote text to prevent command injection
+                word = word.replace('fenrirText', shlex.quote(str(utterance['text'])))
                popenSpeechCommand[idx] = word

            try: