Chore: Code optimization

[GongHeng2017]

-- In Qt 6, QProcess::start()requires the program name and arguments to be passed separately.

Summary by Sourcery

Enhancements:

• Adjust command execution for hciconfig, bluetoothctl, and nvidia-settings to use separate program and argument parameters in QProcess::start for improved Qt 6 compatibility.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Refactors QProcess usage to pass program and arguments separately, aligning with Qt 6 requirements for external command execution in the device manager tooling.

Sequence diagram for updated QProcess external command execution

sequenceDiagram
    participant CmdTool
    participant QProcess
    participant hciconfig

    CmdTool->>QProcess: start(hciconfig, [--all])
    QProcess->>hciconfig: execute with args
    hciconfig-->>QProcess: standardOutput
    QProcess-->>CmdTool: readAllStandardOutput()

Loading

Sequence diagram for bluetoothctl QProcess start with separate arguments

sequenceDiagram
    participant CmdTool
    participant QProcess
    participant bluetoothctl

    CmdTool->>QProcess: start(bluetoothctl, [show, BD_Address])
    QProcess->>bluetoothctl: execute with args
    bluetoothctl-->>QProcess: standardOutput
    QProcess-->>CmdTool: readAllStandardOutput()

Loading

Sequence diagram for nvidia-settings QProcess start with separate arguments

sequenceDiagram
    participant CmdTool
    participant QProcess
    participant nvidia_settings

    CmdTool->>QProcess: start(nvidia-settings, [-q, GPUMemoryInterface])
    QProcess->>nvidia_settings: execute with args
    nvidia_settings-->>QProcess: standardOutput
    QProcess-->>CmdTool: readAllStandardOutput()

Loading

File-Level Changes

Change	Details	Files
Update QProcess::start calls to use separate program and arguments instead of a single command string.	Change hciconfig invocation to call QProcess::start with "hciconfig" as the program and "--all" as an argument. Change bluetoothctl invocation to call QProcess::start with "bluetoothctl" as the program and "show" plus the BD Address as separate arguments. Change nvidia-settings invocation to call QProcess::start with "nvidia-settings" as the program and "-q" and "GPUMemoryInterface" as separate arguments. Remove now-unnecessary intermediate QString command variables where QProcess is started directly.	deepin-devicemanager/src/GenerateDevice/CmdTool.cpp

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[deepin-ci-robot]

deepin pr auto review

这是一份非常出色的代码修改！本次 git diff 的核心是将 QProcess::start(const QString &cmd) 的单字符串调用方式，重构为更安全的 QProcess::start(const QString &program, const QStringList &arguments) 参数分离调用方式。

以下是我对本次代码变更的详细审查意见：

一、 语法与逻辑 (正确性)

评价：优秀

1. 参数拆分逻辑正确：所有的命令行参数都被正确地拆分到了 QStringList 中。例如 "nvidia-smi -i %1 -q -d MEMORY" 被正确拆分为 "-i", gpuNumList[1], "-q", "-d", "MEMORY"。
2. 变量作用域控制良好：在 loadNvidiaSettingInfo 函数中，program 和 arguments 被提前声明，并在后续的循环和分支中通过 clear() 和重新赋值进行复用，逻辑清晰，没有出现变量遮蔽或误用的情况。

二、 代码质量 (可读性与可维护性)

评价：良好，有微小改进空间

1. 消除魔法数字：在 loadHciconfigInfo 中的 int msecs = 10000; 和 loadBluetoothCtlInfo 中的 process.waitForFinished(2000);，以及 getDeviceInfoFromCmd 中的 process.waitForFinished(-1);，超时时间散落在代码各处。建议在类定义或源文件头部使用具名常量（如 static const int CMD_TIMEOUT_MS = 10000;），提高可维护性。
2. 日志打印的完整性：
   在修改后的 getDeviceInfoFromCmd 中：

   qCDebug(appLog) << "Getting device info from command:" << program;

   这里只打印了 program，丢失了 arguments 信息，这会导致调试时无法看到完整的执行命令。建议修改为：

   qCDebug(appLog) << "Getting device info from command:" << program << arguments;

3. 头文件版权修改：将两行不同年份的版权注释合并为一行 2019 - 2026，逻辑合理，符合规范。

三、 代码性能

评价：良好

1. 字符串处理性能：将单字符串拼接改为 QStringList 避免了多次内存分配，性能略有提升。
2. arguments.clear() 复用：在 loadNvidiaSettingInfo 中复用 arguments 变量并调用 clear()，避免了重复构造对象的开销，是一个好习惯。

四、 代码安全 (核心改进点)

评价：卓越

1. 命令注入风险消除：这是本次修改最大的亮点！原代码使用 process.start(cmd)，Qt 会将整个字符串传递给底层 shell（如 /bin/sh -c "cmd"），如果 cmd 中包含来自外部的不可信数据（如 mapInfo["BD Address"] 或 gpuNumList[1]），极易引发命令注入漏洞。
   修改为 process.start(program, arguments) 后，Qt 会直接使用 execvp 系统调用，绕过 shell 解析，参数中的特殊字符（如 ; rm -rf /）只会被当作字面量传递给目标程序，从根本上杜绝了命令注入的风险。
2. 空参数防注入：虽然绕过了 shell，但如果 mapInfo["BD Address"] 为空，bluetoothctl 会收到 ["show", ""] 这样的参数列表，可能导致非预期行为。建议在调用前校验关键参数非空。

五、 综合改进建议代码

针对以上审查意见，我为您提供优化后的 getDeviceInfoFromCmd 函数及部分调用处的代码示例：

1. 优化 getDeviceInfoFromCmd 函数（增加参数打印与超时控制）：

bool CmdTool::getDeviceInfoFromCmd(QString &deviceInfo,
                                   const QString &program,
                                   const QStringList &arguments,
                                   int msecs = -1) // 建议增加超时参数，默认-1
{
    // 建议打印完整的参数列表，方便调试
    qCDebug(appLog) << "Getting device info from command:" << program << arguments;
    
    QProcess process;
    process.start(program, arguments);
    
    // 建议不要无条件使用 -1 (无限等待)，防止进程挂死导致应用卡死
    if (!process.waitForFinished(msecs)) {
        qCWarning(appLog) << "Command timed out or failed to start:" << program << process.errorString();
        return false;
    }
    
    deviceInfo = process.readAllStandardOutput();
    qCDebug(appLog) << "Command output:" << deviceInfo;
    return true;
}

2. 优化 loadBluetoothCtlInfo 中的参数校验：

// 校验 MAC 地址格式，防止传入空字符串或非法字符导致命令异常
QString bdAddress = mapInfo["BD Address"];
if (bdAddress.isEmpty()) {
    qCWarning(appLog) << "BD Address is empty, skip bluetoothctl show";
    return;
}
QProcess process;
process.start("bluetoothctl", QStringList() << "show" << bdAddress);
// ...

总结：本次 PR 质量非常高，精准地修复了潜在的安全漏洞，代码逻辑严谨。只需稍微补充一下日志打印的完整性，并注意极端情况下的参数校验与超时控制，即可合入主分支。

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: GongHeng2017, lzwind

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[GongHeng2017]

/merge

[deepin-bot]

This pr cannot be merged! (status: unstable)

[GongHeng2017]

/forcemerge

[deepin-bot]

This pr force merged! (status: unstable)