chiark / gitweb /
~ianmdlvl / fdroidserver.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 07cdf84) | patch
shell=True is too dangerous to allow; there are unfiltered user inputs
authorHans-Christoph Steiner <hans@eds.org>
Tue, 23 Jan 2018 22:56:15 +0000 (23:56 +0100)
committerHans-Christoph Steiner <hans@eds.org>
Fri, 26 Jan 2018 09:18:41 +0000 (10:18 +0100)
commitb851d49d245b289b8e447e4211f78b203bbbd4c9
tree40b969917509370d30c09b72f131c8dab83b8f31tree | snapshot
parent07cdf848d71fc5cd4a3cc4ceda1ecf2b3b8c5a99commit | diff
shell=True is too dangerous to allow; there are unfiltered user inputs

There are all sorts of unfiltered user inputs like tag and branch names in
source repos.  If those names are fed into popen calls that use shell=True,
that opens up a wide range of exploits.  All core operations should never
use shell=True.
fdroidserver/build.py diff | blob | history
fdroidserver/vmtools.py diff | blob | history
hooks/pre-commit diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.