    contrib/checkpatch: avoid command injection in checkpatch.pl script · 5e66dcc6
    Thomas Haller authored
    The capture variables, $1, etc, are not valid unless the match
    succeeded, and they're not cleared, either.
    
        $ git checkout -B C origin/master && \
            echo XXXXX > f.txt && \
            git add f.txt && \
            git commit -m 'this commit does something()'
        Branch 'C' set up to track remote branch 'master' from 'origin'.
        Reset branch 'C'
        Your branch is up to date with 'origin/master'.
        sh: -c: line 0: syntax error near unexpected token `('
        sh: -c: line 0: `git log --abbrev=12 --pretty=format:"%h ('%s')" -1 does something() 2>/dev/null'
    
        >>> VALIDATE "a169a98e14 this commit does something()"
        (commit message):4: Commit 'does something()' does not seem to exist:
        > Subject: [PATCH] this commit does something()
    
        (commit message):4: Refer to the commit id properly: :
        > Subject: [PATCH] this commit does something()
    
        The patch does not validate.
    
    (cherry picked from commit d66a1ace)
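
The pitfall the commit message describes, as an added Perl example (not code from checkpatch.pl or from this commit): a failed match leaves `$1` holding the previous capture, and that stale text is what ends up on a shell command line. The patterns and function names are hypothetical; the second input line and its commit id are constructed.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical patterns for illustration; not the ones used by checkpatch.pl.
my $MENTION = qr/\bcommit\s+(.+)$/;        # text following the word "commit"
my $SHA     = qr/\b([0-9a-f]{7,40})\b/;    # something shaped like a commit id

# Buggy shape: the second match's result is ignored. When it fails, $1 is
# not cleared and still holds the capture from the $MENTION match.
sub unguarded_id {
    my ($line) = @_;
    $line =~ $MENTION or return;
    $line =~ $SHA;
    return $1;
}

# Guarded shape: take the capture from the match's return list, and only
# if the match succeeded.
sub guarded_id {
    my ($line) = @_;
    $line =~ $MENTION or return;
    my ($id) = $line =~ $SHA or return;
    return $id;
}

# List-form pipe open: each argument reaches git as-is, no shell parses it.
sub git_subject {
    my ($id) = @_;
    open(my $fh, '-|', 'git', 'log', '--abbrev=12',
         "--pretty=format:%h ('%s')", '-1', $id) or return;
    my $out = <$fh>;
    close($fh);
    return $out;
}

# Subject line from the commit message above, plus one constructed line.
for my $line ("Subject: [PATCH] this commit does something()",
              "fixes a bug in commit 0123456789ab (constructed id)") {
    my $bad  = unguarded_id($line);
    my $good = guarded_id($line);
    printf "unguarded=%s guarded=%s\n", $bad // '(none)', $good // '(none)';
    my $desc = defined $good ? git_subject($good) : undef;
    print "  git: ", $desc // '(not looked up or not found)', "\n";
}
```

For the subject line from the commit message, the unguarded function returns the free text after "commit" while the guarded one returns nothing, so git is never invoked with it.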