From 635212e58205fafd7d4dc30c23c76b9cb0048ba7 Mon Sep 17 00:00:00 2001 From: Federico Stagni Date: Fri, 5 Apr 2024 17:21:09 +0200 Subject: [PATCH] fix: ensure pilot wrapper decompresses files securely (including proxies) --- src/DIRAC/WorkloadManagementSystem/Utilities/PilotWrapper.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/DIRAC/WorkloadManagementSystem/Utilities/PilotWrapper.py b/src/DIRAC/WorkloadManagementSystem/Utilities/PilotWrapper.py index 3c0a8cd337e..c707685f074 100644 --- a/src/DIRAC/WorkloadManagementSystem/Utilities/PilotWrapper.py +++ b/src/DIRAC/WorkloadManagementSystem/Utilities/PilotWrapper.py @@ -34,6 +34,7 @@ from __future__ import print_function import os +import io import stat import tempfile import sys @@ -174,7 +175,8 @@ def pilotWrapperScript( for pfName, encodedPf in pilotFilesCompressedEncodedDict.items(): compressedString += """ try: - with open('%(pfName)s', 'wb') as fd: + fd = os.open('%(pfName)s', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, stat.S_IRUSR | stat.S_IWUSR) + with io.open(fd, 'wb') as fd: if sys.version_info < (3,): fd.write(bz2.decompress(base64.b64decode(\"\"\"%(encodedPf)s\"\"\"))) else: