Avoid the usage of shell=True in Popen, which could lead to potenti…

…al security risks. (#1435)

* Removes (where possible) the usage of shell=True in Popen

* Fixes (needs check on runtime) adb + add a solution for p4a.extra_args

* Change the logic to auto accept the SDK licenses, to avoid the shell=True usage

buildozer/__init__.py

@@ -26,6 +26,8 @@
 from fnmatch import fnmatch
 
 from pprint import pformat
+import shlex
+import pexpect
 
 from urllib.request import FancyURLopener
 from configparser import ConfigParser
@@ -261,7 +263,6 @@ def cmd(self, command, **kwargs):
         kwargs.setdefault('stdout', PIPE)
         kwargs.setdefault('stderr', PIPE)
         kwargs.setdefault('close_fds', True)
-        kwargs.setdefault('shell', True)
         kwargs.setdefault('show_output', self.log_level > 1)
 
         show_output = kwargs.pop('show_output')
@@ -357,7 +358,6 @@ def cmd(self, command, **kwargs):
                 process.returncode)
 
     def cmd_expect(self, command, **kwargs):
-        from pexpect import spawnu
 
         # prepare the environ, based on the system + our own env
         env = environ.copy()
@@ -378,7 +378,7 @@ def cmd_expect(self, command, **kwargs):
             self.debug('Run (expect) {0!r} ...'.format(command.split()[0]))
 
         self.debug('Cwd {}'.format(kwargs.get('cwd')))
-        return spawnu(command, **kwargs)
+        return pexpect.spawnu(shlex.join(command), **kwargs)
 
     def check_configuration_tokens(self):
         '''Ensure the spec file is 'correct'.
@@ -515,9 +515,11 @@ def check_application_requirements(self):
     def _install_application_requirement(self, module):
         self._ensure_virtualenv()
         self.debug('Install requirement {} in virtualenv'.format(module))
-        self.cmd('pip install --target={} {}'.format(self.applibs_dir, module),
-                 env=self.env_venv,
-                 cwd=self.buildozer_dir)
+        self.cmd(
+            ["pip", "install", f"--target={self.applibs_dir}", module],
+            env=self.env_venv,
+            cwd=self.buildozer_dir,
+        )
 
     def check_garden_requirements(self):
         garden_requirements = self.config.getlist('app',
@@ -530,13 +532,15 @@ def _ensure_virtualenv(self):
             return
         self.venv = join(self.buildozer_dir, 'venv')
         if not self.file_exists(self.venv):
-            self.cmd('python3 -m venv ./venv',
+            self.cmd(["python3", "-m", "venv", "./venv"],
                     cwd=self.buildozer_dir)
 
         # read virtualenv output and parse it
-        output = self.cmd('bash -c "source venv/bin/activate && env"',
-                get_stdout=True,
-                cwd=self.buildozer_dir)
+        output = self.cmd(
+            ["bash", "-c", "source venv/bin/activate && env"],
+            get_stdout=True,
+            cwd=self.buildozer_dir,
+        )
         self.env_venv = copy(self.environ)
         for line in output[0].splitlines():
             args = line.split('=', 1)
@@ -594,22 +598,22 @@ def file_copy(self, source, target, cwd=None):
 
     def file_extract(self, archive, cwd=None):
         if archive.endswith('.tgz') or archive.endswith('.tar.gz'):
-            self.cmd('tar xzf {0}'.format(archive), cwd=cwd)
+            self.cmd(["tar", "xzf", archive], cwd=cwd)
             return
 
         if archive.endswith('.tbz2') or archive.endswith('.tar.bz2'):
             # XXX same as before
-            self.cmd('tar xjf {0}'.format(archive), cwd=cwd)
+            self.cmd(["tar", "xjf", archive], cwd=cwd)
             return
 
         if archive.endswith('.bin'):
             # To process the bin files for linux and darwin systems
-            self.cmd('chmod a+x {0}'.format(archive), cwd=cwd)
-            self.cmd('./{0}'.format(archive), cwd=cwd)
+            self.cmd(["chmod", "a+x", archive], cwd=cwd)
+            self.cmd([f"./{archive}"], cwd=cwd)
             return
 
         if archive.endswith('.zip'):
-            self.cmd('unzip -q {}'.format(join(cwd, archive)), cwd=cwd)
+            self.cmd(["unzip", "-q", join(cwd, archive)], cwd=cwd)
             return
 
         raise Exception('Unhandled extraction for type {0}'.format(archive))

buildozer/target.py

@@ -228,8 +228,6 @@ def path_or_git_url(self, repo, owner='kivy', branch='master',
             branch = config.getdefault('app', '{}_branch'.format(key), branch)
             default_url = url_format.format(owner=owner, repo=repo, branch=branch)
             url = config.getdefault('app', '{}_url'.format(key), default_url)
-            if branch != 'master':
-                url = "--branch {} {}".format(branch, url)
         return path, url, branch
 
     def install_or_update_repo(self, repo, **kwargs):
@@ -252,15 +250,14 @@ def install_or_update_repo(self, repo, **kwargs):
         custom_dir, clone_url, clone_branch = self.path_or_git_url(repo, **kwargs)
         if not self.buildozer.file_exists(install_dir):
             if custom_dir:
-                cmd('mkdir -p "{}"'.format(install_dir))
-                cmd('cp -a "{}"/* "{}"/'.format(custom_dir, install_dir))
+                cmd(["mkdir", "-p", install_dir])
+                cmd(["cp", "-a", f"{custom_dir}/*", f"{install_dir}/"])
             else:
-                cmd('git clone {}'.format(clone_url),
-                        cwd=self.buildozer.platform_dir)
+                cmd(["git", "clone", "--branch", clone_branch, clone_url], cwd=self.buildozer.platform_dir)
         elif self.platform_update:
             if custom_dir:
-                cmd('cp -a "{}"/* "{}"/'.format(custom_dir, install_dir))
+                cmd(["cp", "-a", f"{custom_dir}/*", f"{install_dir}/"])
             else:
-                cmd('git clean -dxf', cwd=install_dir)
-                cmd('git pull origin {}'.format(clone_branch), cwd=install_dir)
+                cmd(["git", "clean", "-dxf"], cwd=install_dir)
+                cmd(["git", "pull", "origin", clone_branch], cwd=install_dir)
         return install_dir