From 27ad66b8afbcc68c0aab48ec710a6cc9d3009b40 Mon Sep 17 00:00:00 2001
From: Valentin Niess <niess@in2p3.fr>
Date: Sun, 5 Apr 2020 00:00:06 +0200
Subject: [PATCH] Secure the shebang patcher against binaries

---
 python_appimage/data/sitecustomize.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/python_appimage/data/sitecustomize.py b/python_appimage/data/sitecustomize.py
index 0a5652c..11932aa 100644
--- a/python_appimage/data/sitecustomize.py
+++ b/python_appimage/data/sitecustomize.py
@@ -37,14 +37,18 @@ def patch_pip_install():
             path = os.path.join(sys.prefix, 'bin', exe)
 
             if (not os.path.isfile(path)) or (not os.access(path, os.X_OK)) or \
-               exe.startswith('python') or os.path.islink(path):
+               exe.startswith('python') or os.path.islink(path) or             \
+               exe.endswith('.pyc') or exe.endswith('.pyo'):
                 continue
 
-            with open(path, 'r') as f:
-                header = f.read(2)
-                if header != '#!':
-                    continue
-                content = f.read()
+            try:
+                with open(path, 'r') as f:
+                    header = f.read(2)
+                    if header != '#!':
+                        continue
+                    content = f.read()
+            except:
+                continue
 
             shebang, body = content.split(os.linesep, 1)
             shebang = shebang.split()