mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-14 12:05:03 +00:00
contrib/checkpatch: avoid command injection in checkpatch.pl script
The capture variables, $1, etc, are not valid unless the match succeeded, and they're not cleared, either. $ git checkout -B C origin/master && \ echo XXXXX > f.txt && \ git add f.txt && \ git commit -m 'this commit does something()' Branch 'C' set up to track remote branch 'master' from 'origin'. Reset branch 'C' Your branch is up to date with 'origin/master'. sh: -c: line 0: syntax error near unexpected token `(' sh: -c: line 0: `git log --abbrev=12 --pretty=format:"%h ('%s')" -1 does something() 2>/dev/null' >>> VALIDATE "a169a98e14 this commit does something()" (commit message):4: Commit 'does something()' does not seem to exist: > Subject: [PATCH] this commit does something() (commit message):4: Refer to the commit id properly: : > Subject: [PATCH] this commit does something() The patch does not validate.
This commit is contained in:
parent
e491b46800
commit
d66a1ace23
|
@ -101,12 +101,18 @@ sub complain
|
|||
sub check_commit
|
||||
{
|
||||
my $commit = shift;
|
||||
$commit =~ /^([0-9a-f]{5,})/;
|
||||
my $commit_id = $1;
|
||||
my $required = shift;
|
||||
my $commit_id;
|
||||
my $commit_message;
|
||||
|
||||
if ($commit =~ /^([0-9a-f]{5,})$/) {
|
||||
$commit_id = $1;
|
||||
} else {
|
||||
return unless $required;
|
||||
}
|
||||
|
||||
if ($commit_id and not system 'git rev-parse --git-dir >/dev/null 2>/dev/null') {
|
||||
$commit_message = `git log --abbrev=12 --pretty=format:"%h ('%s')" -1 $commit_id 2>/dev/null`;
|
||||
$commit_message = `git log --abbrev=12 --pretty=format:"%h ('%s')" -1 "$commit_id" 2>/dev/null`;
|
||||
complain "Commit '$commit_id' does not seem to exist" unless $commit_message;
|
||||
}
|
||||
|
||||
|
@ -141,10 +147,10 @@ if ($is_patch) {
|
|||
$check_line = 1;
|
||||
$line = $_;
|
||||
/^---$/ and $is_commit_message = 0;
|
||||
/^Fixes: *(.*)/ and check_commit ($1);
|
||||
/^Fixes: *(.*)/ and check_commit ($1, 1);
|
||||
/This reverts commit/ and next;
|
||||
/cherry picked from/ and next;
|
||||
/\bcommit (.*)/ and check_commit ($1);
|
||||
/\bcommit (.*)/ and check_commit ($1, 0);
|
||||
next;
|
||||
} else {
|
||||
# We don't handle these yet
|
||||
|
|
Loading…
Reference in a new issue