For convenience, Project.git() supports passing either a list (good) or a string with whitespaces (bad). The latter is parsed with shlex.split()
This saves some typing but the caller has to be extremely careful to never use the shlex.split() convenience with unsanitized inputs.
Fixes commit 3ac600acaa11 ("git: clean west ref space after fetching") where the caller was not careful and concatenated update-ref -d with unsanitized input, possibly containing special characters as found in bug #679. Fix this bug by converting the string to a list.
While at it, look for a few other, frequent and risky invocations and convert their string argument to a list too. The following test hack was used to semi-automate the search for these other locations:
--- a/src/west/manifest.py
+++ b/src/west/manifest.py
@@ -897,6 +897,8 @@ class Project:
:param cwd: directory to run git in (default: ``self.abspath``)
'''
if isinstance(cmd, str):
+ print(cmd)
+ breakpoint()
cmd_list = shlex.split(cmd)
else:
cmd_list = list(cmd)
While at it, also convert to a list a couple non-risky but very frequent invocations. This speeds up the test hack above.
For convenience, Project.git() supports passing either a list (good) or a string with whitespaces (bad). The latter is parsed with shlex.split()
This saves some typing but the caller has to be extremely careful to never use the shlex.split() convenience with unsanitized inputs.
Fixes commit 3ac600acaa11 ("git: clean west ref space after fetching") where the caller was not careful and concatenated
update-ref -d
with unsanitized input, possibly containing special characters as found in bug #679. Fix this bug by converting the string to a list.While at it, look for a few other, frequent and risky invocations and convert their string argument to a list too. The following test hack was used to semi-automate the search for these other locations:
While at it, also convert to a list a couple non-risky but very frequent invocations. This speeds up the test hack above.