author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2011-08-05 08:24:22 -0400 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2011-08-05 08:24:22 -0400 |
commit | f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7 (patch) | |
tree | 9c2a8c8daf8250c0aca46761381fe53488c3f839 /src/lib/Server/Plugins/Svn.py | |
parent | ed85e40bcbce07cc5e2d67b985e48c836d0a9079 (diff) | |
fixed security bugs with unescaped input to the shell
Diffstat (limited to 'src/lib/Server/Plugins/Svn.py')
-rw-r--r-- | src/lib/Server/Plugins/Svn.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/Server/Plugins/Svn.py b/src/lib/Server/Plugins/Svn.py
index cb4ab649b..a127d0273 100644
--- a/src/lib/Server/Plugins/Svn.py
+++ b/src/lib/Server/Plugins/Svn.py
@@ -35,7 +35,7 @@ class Svn(Bcfg2.Server.Plugin.Plugin,
 """Read svn revision information for the Bcfg2 repository."""
 try:
 data = Popen(("env LC_ALL=C svn info %s" %
- (self.datastore)), shell=True,
+ pipes.quote(self.datastore)), shell=True,
 stdout=PIPE).communicate()[0].split('\n')
 return [line.split(': ')[1] for line in data \
 if line[:9] == 'Revision:'][-1] |
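Review bot: `pipes.quote` is called on the changed line, but the diffstat for this file shows only that one line changed, so no `import pipes` was added here; unless Svn.py already imports it, the call raises NameError inside the `try:`, and a broad handler outside the hunk could hide that. The command is also still a formatted string run with `shell=True`, so its safety depends on every interpolated value being quoted at every call site. Passing an argument list without a shell removes that dependency, for example `Popen(["svn", "info", self.datastore], env=dict(os.environ, LC_ALL="C"), stdout=PIPE)`, assuming `os` is imported in the module. The method starts and ends outside the hunk, so its exception handling is not visible here.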