csutils / csmock

A tool for static analysis, dynamic analysis, and formal verification of RPM packages
GNU General Public License v3.0

results: fix quoting in `handle_known_fp_list()` #183

Closed kdudka closed 1 month ago

kdudka commented 1 month ago

... by using shlex.quote() from standard Python library. This bug caused regular expressions with parentheses to be interpreted by shell:

```
/bin/sh: -c: line 1: syntax error near unexpected token `('
```

Also avoid using the open-coded shell_quote() function from util.py while printing shell commands in exec_cmd() because the function is rather problematic and should be eventually unimplemented.

Unfortunately, we cannot easily nest shlex.quote() while combining mock --chroot ... with su -c ... and the like because it results in totally unreadable scan.log.

Resolves: https://issues.redhat.com/browse/OSH-617
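The failure described in this pull request, reproduced as an added example that is not csmock code: a regular expression containing parentheses is passed through `/bin/sh -c` unquoted, then via `shlex.quote()`, then through one more shell layer. The sample patterns, the `printf` command and all helper names are constructed for illustration; `handle_known_fp_list()` itself does not appear on this page.

```python
import shlex
import subprocess

# Constructed sample patterns; not taken from any csmock false-positive list.
PATTERNS = [
    r"^/usr/lib(64)?/python[0-9.]+/",  # parentheses are shell grouping syntax
    r"it's (a|the) test\$",            # single quote, parentheses, backslash
]

def run_sh(cmd):
    """Run cmd through /bin/sh -c and return (exit status, stdout, stderr)."""
    p = subprocess.run(["/bin/sh", "-c", cmd], capture_output=True, text=True)
    return p.returncode, p.stdout, p.stderr

def unquoted_cmd(pattern):
    # Before: the pattern is pasted into the command line as-is,
    # so the shell parses "(" itself instead of passing it on.
    return "printf '%s\\n' " + pattern

def quoted_cmd(pattern):
    # After: shlex.quote() turns the pattern into exactly one shell word.
    return "printf '%s\\n' " + shlex.quote(pattern)

def nested_cmd(pattern):
    # One more shell layer (hypothetical stand-in for a `su -c ...` wrapper):
    # the whole inner command has to be quoted again.
    return "/bin/sh -c " + shlex.quote(quoted_cmd(pattern))

def round_trips(pattern):
    """True if the shell hands the pattern to the program unchanged."""
    rc, out, _ = run_sh(quoted_cmd(pattern))
    return rc == 0 and out == pattern + "\n"

if __name__ == "__main__":
    for pat in PATTERNS:
        rc, _, err = run_sh(unquoted_cmd(pat))
        print("unquoted:", unquoted_cmd(pat))
        print("  exit", rc, "|", err.strip())
        print("quoted:  ", quoted_cmd(pat))
        print("  round-trips:", round_trips(pat))
        # Correct, but this is the form that would end up in a log.
        print("nested:  ", nested_cmd(pat))
```

Running it prints each command line as a log would record it, which shows how quickly the nested form grows once the pattern itself contains a single quote.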

kdudka commented 1 month ago

@rhyw Thank you for the review and testing!