rdrgmnzs / pulp_centos_errata_import

Imports CentOS (from http://cefs.steve-meier.de/) errata into Pulp / Katello

Ironic escape bug when importing OVAL XML info for CESA-2012:0884 #15

Closed stevenstremciuc closed 7 years ago

stevenstremciuc commented 7 years ago

When including the RH OVAL XML option, there is an escape bug encountered for at least one errata, preventing the errata from being imported at all. The script continues on its way, so it is very easy to miss this in the output:

```
INFO: Creating errata for CESA-2012:0884 (Low CentOS openssh Update) (7 of 13)
sh: line 26: prints: command not found
sh: -c: line 27: syntax error near unexpected token `('
sh: -c: line 27: `the problem and the SSH banner is now correctly displayed. (BZ#809619)'
INFO: Command: erratum
Description: creates a new erratum
...
```

If we look at the RHSA for this errata, https://rhn.redhat.com/errata/RHSA-2012-0884.html, we see that the details portion includes the string "\", which ends up in the OVAL XML file and causes problems when the script tries to escape the quotes but doesn't account for the case where there is already an escape character before the quote. So when pulp-admin tries to import the details, things are not properly escaped and we get a shell error.

The problem lies here: https://github.com/brdude/pulp_centos_errata_import/blob/master/errata_import.pl#L192

Adding another line to detect and escape this specific use case solves the problem. But it's too ugly a hack for me to file a PR:

```perl
# Escape quotes in the description
$xml->{$advisory}->{description} =~ s/\"/\\\"/g;
$xml->{$advisory}->{description} =~ s/\Q\\"\E/\\\\\\\"/g;
```

rdrgmnzs commented 7 years ago

Was going to attempt using XML::code escape() to see if there is a way to do all character escapes at once. Unfortunately ended up spending 4 hours on trying to get katello forklift to work so I could test things.

Not sure I'll have time this week but hopefully I can come back to this next weekend.
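
The failure discussed in this issue, reproduced as an added example (not code from errata_import.pl). It assumes the description is placed between double quotes in a command string run by `sh -c`, uses `printf '%s'` as a hypothetical stand-in for the pulp-admin call, and uses a constructed description. It compares the quote escaping quoted above with POSIX single-quote quoting and with a list-form invocation that starts no shell.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample description: one backslash-escaped quote, then parentheses.
my $desc = 'the banner ended with \" and is now displayed. (BZ#000000)';

# The escaping quoted in the issue: put a backslash in front of every double quote.
sub naive_escape {
    my ($s) = @_;
    $s =~ s/\"/\\\"/g;
    return $s;
}

# POSIX single-quote quoting: inside '...' nothing is special except the quote
# itself, which is written as '\'' (close, escaped quote, reopen).
sub shell_quote {
    my ($s) = @_;
    $s =~ s/'/'\\''/g;
    return "'$s'";
}

# Hand a command string to sh -c; return stdout, or undef if sh reported failure.
sub via_shell {
    my ($cmd) = @_;
    my $out = `$cmd`;
    return $? == 0 ? $out : undef;
}

# List-form pipe open starts no shell, so the argument needs no quoting at all.
sub without_shell {
    my (@argv) = @_;
    open(my $fh, '-|', @argv) or die "cannot run $argv[0]: $!";
    local $/;
    my $out = <$fh>;
    close($fh);
    return $out;
}

sub verdict { my ($got) = @_; return defined($got) && $got eq $desc ? 'intact' : 'BROKEN' }

my $stub = q{printf '%s'};    # hypothetical stand-in for the pulp-admin call
printf "naive escape in \"...\": %s\n", verdict(via_shell(qq{$stub "} . naive_escape($desc) . '"'));
printf "single-quote quoting : %s\n", verdict(via_shell("$stub " . shell_quote($desc)));
printf "no shell (list form) : %s\n", verdict(without_shell('printf', '%s', $desc));
```

In the naive case the existing backslash pairs with the added one, so the quote that follows closes the string early and the shell parses the rest of the description as syntax, which is where the unexpected `(` error comes from.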