From 74186ae992186292c716e80b4b1fcad9c4e717dd Mon Sep 17 00:00:00 2001
From: Wang Huan
Date: Mon, 11 Mar 2024 10:29:05 +0000
Subject: [PATCH] fix security
---
 python/paddle/base/core.py | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/python/paddle/base/core.py b/python/paddle/base/core.py
index 765c63fd2d6d0..2e53b3be890c3 100644
--- a/python/paddle/base/core.py
+++ b/python/paddle/base/core.py
@@ -14,6 +14,7 @@
 import os
 import platform
+import re
 import site
 import sys
 import warnings
@@ -193,8 +194,18 @@ def run_shell_command(cmd):
 return out.decode('utf-8').strip()
+def is_valid_filename(filename):
+ pattern = re.compile(r'^[a-zA-Z0-9_.-]+$')
+ if pattern.match(filename):
+ return True
+ else:
+ return False
+
+
 def get_dso_path(core_so, dso_name):
 if core_so and dso_name:
+ assert is_valid_filename(core_so), 'core_so must be a file name.'
+ assert is_valid_filename(dso_name), 'dso_name must be a file name.'
 return run_shell_command(
 f"ldd {core_so}|grep {dso_name}|awk '{{print $3}}'"
 )
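Review bot: The two `assert` checks added in `get_dso_path` are compiled out when Python runs with `-O` or `PYTHONOPTIMIZE`, so the `ldd … | grep …` command string is then built from unvalidated values; raise `ValueError` explicitly instead. In `is_valid_filename`, `pattern.match` with a trailing `$` also accepts a name that ends in a newline, and the character class allows a leading `-`, which `ldd` or `grep` would parse as an option; `re.fullmatch` with a first character that excludes `-` closes both gaps. The allow-list rejects `/`, so it is worth confirming that callers pass bare names for `core_so` and not a path. `run_shell_command` is defined outside this hunk; if it goes through a shell, passing an argument list and filtering the `ldd` output in Python would remove the dependence on this allow-list.

```python
_FILENAME_RE = re.compile(r'[a-zA-Z0-9_.][a-zA-Z0-9_.-]*')


def is_valid_filename(filename):
    # fullmatch: no match on a trailing newline; first character may not be '-'.
    return _FILENAME_RE.fullmatch(filename) is not None


def get_dso_path(core_so, dso_name):
    if core_so and dso_name:
        if not is_valid_filename(core_so):
            raise ValueError('core_so must be a file name.')
        if not is_valid_filename(dso_name):
            raise ValueError('dso_name must be a file name.')
        # … unchanged: run_shell_command(ldd | grep | awk) call …
```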