MIRRORS/layerindex-web
1
0
Fork 0
mirror of git://git.yoctoproject.org/layerindex-web.git synced 2025-07-05 13:14:46 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

More shell quoting

Browse Source 
Strengthen things a little where shell=True is still being used.
(For the most part input that passes through here would already be
sanitised, but let's be careful anyway).

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
This commit is contained in:
Paul Eggleton 2019-05-01 10:03:14 +12:00
parent 3c844beab2
commit 3cea37be47
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
layerindex/tasks.py
View File

@ -11,6 +11,7 @@ from . import utils
import os import os
import time import time
import subprocess import subprocess
import shlex
from datetime import datetime from datetime import datetime
try: try:
@ -44,7 +45,7 @@ def run_update_command(self, branch_name, update_command):
shell = False shell = False
if isinstance(update_command, str): if isinstance(update_command, str):
update_command = update_command.replace('%update%', str(updateobj.id)) update_command = update_command.replace('%update%', str(updateobj.id))
update_command = update_command.replace('%branch%', branch_name) update_command = update_command.replace('%branch%', shlex.quote(branch_name))
shell = True shell = True
try: try:
os.makedirs(settings.TASK_LOG_DIR) os.makedirs(settings.TASK_LOG_DIR)

1
layerindex/tools/import_otherdistro.py
View File

@ -19,6 +19,7 @@ import glob
import shutil import shutil
import subprocess import subprocess
import string import string
import shlex
from distutils.version import LooseVersion from distutils.version import LooseVersion
sys.path.insert(0, os.path.realpath(os.path.join(os.path.dirname(__file__), '..'))) sys.path.insert(0, os.path.realpath(os.path.join(os.path.dirname(__file__), '..')))