From a8d0908073574cb7148123b90915fe351776f89c Mon Sep 17 00:00:00 2001 From: LordBaryhobal Date: Mon, 18 Mar 2024 20:27:33 +0100 Subject: [PATCH] added checks and cleanup of temp profiles --- main.py | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/main.py b/main.py index ac283e5..84e6ebf 100644 --- a/main.py +++ b/main.py @@ -106,8 +106,6 @@ def startBrowser(headless: bool = True) -> tuple[Firefox, FirefoxProfile]: options = FirefoxOptions() profile = FirefoxProfile(profilePath) options.profile = profile - #options.set_preference("profile", profilePath) - #options.add_argument(f"-profile {profilePath}") distinguishkey = "-distinguishkey" + str(random.randint(111111, 999999)) options.add_argument(distinguishkey) @@ -149,18 +147,31 @@ def closeBrowser(driver: Firefox, distinguishkey: str) -> None: errorLogger.log(f"Tried: sudo cp -r {realProfilePath} {PERSISTENT_PROFILE_PATH}") exit() - # Remove lock - subprocess.run(["sudo", "rm", os.path.join(PERSISTENT_PROFILE_PATH, "lock")]) + # Remove lock (if still present) + lockPath = os.path.join(PERSISTENT_PROFILE_PATH, "lock") + if os.path.isfile(lockPath): + subprocess.run(["sudo", "rm", lockPath]) # Grant user access to directory subprocess.run(["sudo", "chown", "-R", f"{os.getuid()}:{os.getgid()}", PERSISTENT_PROFILE_PATH]) - subprocess.run(["sudo", "chmod", "-R", "0664", PERSISTENT_PROFILE_PATH]) + subprocess.run(["sudo", "chmod", "-R", "0644", PERSISTENT_PROFILE_PATH]) subprocess.run(["sudo", "chmod", "-R", "+X", PERSISTENT_PROFILE_PATH]) try: driver.quit() except: - pass # error expected because we killed the processed + pass # error expected because we killed the processe + + # Cleanup + if os.path.isdir(realProfilePath): + # Extra security to avoid deleting / recursively :) + # Costs nothing to be extra safe + if realProfilePath.startswith("/tmp/") and \ + realProfilePath.startswith(os.path.abspath(os.path.join(ROOT, "tmp"))) and \ + len(realProfilePath.split(os.path.sep)) >= 2 and \ + ".." not in realProfilePath: + + subprocess.run(["sudo", "rm", "-r", realProfilePath]) def doLogin() -> None: print("+--------------------------+")