Commit d66a1ace authored by Thomas Haller's avatar Thomas Haller

contrib/checkpatch: avoid command injection in checkpatch.pl script

The capture variables, $1, etc, are not valid unless the match
succeeded, and they're not cleared, either.

    $ git checkout -B C origin/master && \
        echo XXXXX > f.txt && \
        git add f.txt && \
        git commit -m 'this commit does something()'
    Branch 'C' set up to track remote branch 'master' from 'origin'.
    Reset branch 'C'
    Your branch is up to date with 'origin/master'.
    sh: -c: line 0: syntax error near unexpected token `('
    sh: -c: line 0: `git log --abbrev=12 --pretty=format:"%h ('%s')" -1 does something() 2>/dev/null'

    >>> VALIDATE "a169a98e14 this commit does something()"
    (commit message):4: Commit 'does something()' does not seem to exist:
    > Subject: [PATCH] this commit does something()

    (commit message):4: Refer to the commit id properly: :
    > Subject: [PATCH] this commit does something()

    The patch does not validate.
parent e491b468
Pipeline #24674 canceled with stages