Skip to content

fix: prevent IndexError in mkconcore.py when arguments are missing (fixes #267) #308

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
GaneshPatil7517 wants to merge 3 commits into from
Closed

fix: prevent IndexError in mkconcore.py when arguments are missing (fixes #267) #308

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3a2970c
fix: validate arguments before usage in mkconcore.py (Issue #267)
GaneshPatil7517 Feb 14, 2026
3631273
fix: add safe_name validation for sourcedir argument
GaneshPatil7517 Feb 14, 2026
f8ea2a8
fix: address Copilot review - use logging.error, quit(), and validate…
GaneshPatil7517 Feb 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
86 changes: 44 additions & 42 deletions mkconcore.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,40 +75,45 @@
import shlex # Added for POSIX shell escaping

# input validation helper
def safe_name(value, context, allow_path=False):
"""
Validates that the input string does not contain characters dangerous
for filesystem paths or shell command injection.
"""
if not value:
raise ValueError(f"{context} cannot be empty")
# blocks control characters and shell metacharacters
# allow path separators and drive colons for full paths when needed
if allow_path:
pattern = r'[\x00-\x1F\x7F*?"<>|;&`$\'()]'
else:
# blocks path traversal (/, \, :) in addition to shell metacharacters
pattern = r'[\x00-\x1F\x7F\\/:*?"<>|;&`$\'()]'
if re.search(pattern, value):
raise ValueError(f"Unsafe {context}: '{value}' contains illegal characters.")
return value

MKCONCORE_VER = "22-09-18"

SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))

def _resolve_concore_path():
script_concore = os.path.join(SCRIPT_DIR, "concore.py")
if os.path.exists(script_concore):
return SCRIPT_DIR
cwd_concore = os.path.join(os.getcwd(), "concore.py")
if os.path.exists(cwd_concore):
return os.getcwd()
return SCRIPT_DIR

GRAPHML_FILE = sys.argv[1]
TRIMMED_LOGS = True
CONCOREPATH = _resolve_concore_path()
def safe_name(value, context, allow_path=False):
"""
Validates that the input string does not contain characters dangerous
for filesystem paths or shell command injection.
"""
if not value:
raise ValueError(f"{context} cannot be empty")
# blocks control characters and shell metacharacters
# allow path separators and drive colons for full paths when needed
if allow_path:
pattern = r'[\x00-\x1F\x7F*?"<>|;&`$\'()]'
else:
# blocks path traversal (/, \, :) in addition to shell metacharacters
pattern = r'[\x00-\x1F\x7F\\/:*?"<>|;&`$\'()]'
if re.search(pattern, value):
raise ValueError(f"Unsafe {context}: '{value}' contains illegal characters.")
return value

MKCONCORE_VER = "22-09-18"

SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))

def _resolve_concore_path():
script_concore = os.path.join(SCRIPT_DIR, "concore.py")
if os.path.exists(script_concore):
return SCRIPT_DIR
cwd_concore = os.path.join(os.getcwd(), "concore.py")
if os.path.exists(cwd_concore):
return os.getcwd()
return SCRIPT_DIR

if len(sys.argv) < 4:
logging.error("Usage: python mkconcore.py <GRAPHML_FILE> <sourcedir> <outdir> [type]")
logging.error(" type must be posix (macos or ubuntu), windows, or docker")
quit()

GRAPHML_FILE = safe_name(sys.argv[1], "GRAPHML file argument", allow_path=True)
TRIMMED_LOGS = True
CONCOREPATH = _resolve_concore_path()
CPPWIN = "g++" #Windows C++ 6/22/21
CPPEXE = "g++" #Ubuntu/macOS C++ 6/22/21
VWIN = "iverilog" #Windows verilog 6/25/21
Expand Down Expand Up @@ -152,18 +157,15 @@ def _resolve_concore_path():
sourcedir = sys.argv[2]
outdir = sys.argv[3]

# Validate outdir argument (allow full paths)
safe_name(outdir, "Output directory argument", allow_path=True)
# Validate arguments (allow full paths)
safe_name(sourcedir, "Source directory argument", allow_path=True)
safe_name(outdir, "Output directory argument", allow_path=True)

if not os.path.isdir(sourcedir):
logging.error(f"{sourcedir} does not exist")
quit()

if len(sys.argv) < 4:
logging.error("usage: py mkconcore.py file.graphml sourcedir outdir [type]")
logging.error(" type must be posix (macos or ubuntu), windows, or docker")
quit()
elif len(sys.argv) == 4:
if len(sys.argv) == 4:
prefixedgenode = outdir+"_" #nodes and edges prefixed with outdir_ only in case no type specified 3/24/21
concoretype = "docker"
else:
Expand Down Expand Up @@ -1227,4 +1229,4 @@ def cleanup_script_files():
os.chmod(outdir+"/clear",stat.S_IRWXU)
os.chmod(outdir+"/maxtime",stat.S_IRWXU)
os.chmod(outdir+"/params",stat.S_IRWXU)
os.chmod(outdir+"/unlock",stat.S_IRWXU)
os.chmod(outdir+"/unlock",stat.S_IRWXU)