Merge pull request #3 from IntelLabs/io_read

mikanystrom-intel · web-flow · commit efd9da9630b1 · 2025-10-27T12:49:06.000-07:00
changed IO.read* -&gt; File.read* to avoid code injection attack
diff --git a/async-toolkit/m3utils/mby-merged/tools/srdl/scripts/htm_table.rb b/async-toolkit/m3utils/mby-merged/tools/srdl/scripts/htm_table.rb
@@ -12,7 +12,7 @@ class HtmTable < RDL::ViewGen
 
   class SecurityInfo
     def initialize(security_pm)
-      sec_hash = IO.read(security_pm).scan(/%security.*^\t\);/m).shift.
+      sec_hash = File.read(security_pm).scan(/%security.*^\t\);/m).shift.
                  sub(/^%/,"").
                  sub(/\(/,"{").
                  sub(/\)/,"}")
diff --git a/async-toolkit/m3utils/mby-merged/tools/srdl/scripts/rdl.rb b/async-toolkit/m3utils/mby-merged/tools/srdl/scripts/rdl.rb
@@ -214,7 +214,7 @@ def initialize(rdl_file)
       registers = Array.new
       regfiles  = Array.new
       addrmaps  = Array.new
-      rdl = rdl_file.class == String && rdl_file || IO.read(rdl_file)
+      rdl = rdl_file.class == String && rdl_file || File.read(rdl_file)
       rdl.gsub!(/\/\/.*/,"")
       rdl.gsub!(/^\s*lsm_IMN_map\s+\w+.*/,"") # FIXME
       rdl.scan(/^enum\s+(\w+)\s*(\{.*?^\};)/m    ) do |tn,bdy|
@@ -264,7 +264,7 @@ def initialize(rdl_file)
     def read_include_all(rdl_file, readit)
       return [] if rdl_file =~ /lsm_cfg.rdl/ # FIXME
       return [] if !File.exist?(rdl_file)
-      IO.readlines(rdl_file).map do |ln|
+      File.readlines(rdl_file).map do |ln|
         if ln =~ /^\s*`include\s+\"(.*?)\"/
           readit[$1] ? [] : read_include_all($1, readit[$1] = true && readit)
         else
@@ -291,7 +291,7 @@ def create(output_file, template)
     # Read output_file into @view_code Array
     def source(output_file, template="")
       if File.exist? output_file
-        @view_code = IO.readlines(output_file)
+        @view_code = File.readlines(output_file)
       else
         if File.exist?("#{File.dirname(__FILE__)}/#{template}.template")
           create(output_file, template)
diff --git a/async-toolkit/m3utils/mby-merged/tools/srdl/scripts/rdl_mgm_map.rb b/async-toolkit/m3utils/mby-merged/tools/srdl/scripts/rdl_mgm_map.rb
@@ -22,7 +22,7 @@ class RdlMgmMap < RDL::ViewGen
   class Logical < Hash
     require "yaml"
     def initialize(logical_file)
-      logical_str = IO.read(logical_file).split(/\n/).map do |ln|
+      logical_str = File.read(logical_file).split(/\n/).map do |ln|
         ln.strip.empty? ? nil : ln.sub(/=/,":").split
       end.compact
       logical_str.map!{|ln|ln[0..-3].join('-')+' '+ln[-2..-1].join(' ')}
