system/NetworkManager
system/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager synced 2024-10-14 12:05:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

contrib/checkpatch: avoid command injection in checkpatch.pl script

Browse source 
The capture variables, $1, etc, are not valid unless the match
succeeded, and they're not cleared, either.

    $ git checkout -B C origin/master && \
        echo XXXXX > f.txt && \
        git add f.txt && \
        git commit -m 'this commit does something()'
    Branch 'C' set up to track remote branch 'master' from 'origin'.
    Reset branch 'C'
    Your branch is up to date with 'origin/master'.
    sh: -c: line 0: syntax error near unexpected token `('
    sh: -c: line 0: `git log --abbrev=12 --pretty=format:"%h ('%s')" -1 does something() 2>/dev/null'

    >>> VALIDATE "a169a98e14 this commit does something()"
    (commit message):4: Commit 'does something()' does not seem to exist:
    > Subject: [PATCH] this commit does something()

    (commit message):4: Refer to the commit id properly: :
    > Subject: [PATCH] this commit does something()

    The patch does not validate.
This commit is contained in:
Thomas Haller 2019-03-18 11:34:22 +01:00
parent e491b46800
commit d66a1ace23
1 changed files with 11 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
contrib/scripts/checkpatch.pl
View file

@ -101,12 +101,18 @@ sub complain
sub check_commit
{
my $commit = shift;
$commit =~ /^([0-9a-f]{5,})/;
my $commit_id = $1;
my $required = shift;
my $commit_id;
my $commit_message;
if ($commit =~ /^([0-9a-f]{5,})$/) {
$commit_id = $1;
} else {
return unless $required;
}
if ($commit_id and not system 'git rev-parse --git-dir >/dev/null 2>/dev/null') {
$commit_message = `git log --abbrev=12 --pretty=format:"%h ('%s')" -1 $commit_id 2>/dev/null`;
$commit_message = `git log --abbrev=12 --pretty=format:"%h ('%s')" -1 "$commit_id" 2>/dev/null`;
complain "Commit '$commit_id' does not seem to exist" unless $commit_message;
}
@ -141,10 +147,10 @@ if ($is_patch) {
$check_line = 1;
$line = $_;
/^---$/ and $is_commit_message = 0;
/^Fixes: *(.*)/ and check_commit ($1);
/^Fixes: *(.*)/ and check_commit ($1, 1);
/This reverts commit/ and next;
/cherry picked from/ and next;
/\bcommit (.*)/ and check_commit ($1);
/\bcommit (.*)/ and check_commit ($1, 0);
next;
} else {
# We don't handle these yet