1
0
Fork 0
mirror of https://we.phorge.it/source/arcanist.git synced 2024-11-22 14:52:40 +01:00

Fix dynamic string usage as safe input

Summary: This fixes some real issues.

Test Plan:
  $ arc lint

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin, btrahan

Differential Revision: https://secure.phabricator.com/D4795
This commit is contained in:
vrana 2013-02-02 13:07:39 -08:00
parent 03199df925
commit a9e316bf9c
9 changed files with 28 additions and 24 deletions

View file

@ -38,7 +38,9 @@ final class ArcanistDiffUtils {
Filesystem::writeFile($file_new, (string)$new."\n");
list($err, $stdout) = exec_manual(
"/usr/bin/diff {$diff_options} -U {$context_lines} %s %s",
'/usr/bin/diff %C -U %s %s %s',
$diff_options,
$context_lines,
$file_old,
$file_new);

View file

@ -395,9 +395,8 @@ final class ArcanistHgProxyServer {
// NOTE: "cmdserver.log=-" makes Mercurial use the 'd'ebug channel for
// log messages.
$command = 'HGPLAIN=1 hg --config cmdserver.log=- serve --cmdserver pipe';
$future = new ExecFuture($command);
$future = new ExecFuture(
'HGPLAIN=1 hg --config cmdserver.log=- serve --cmdserver pipe');
$future->setCWD($this->workingCopy);
$channel = new PhutilExecChannel($future);

View file

@ -102,8 +102,10 @@ final class ArcanistJSHintLinter extends ArcanistLinter {
}
// Look for globally installed JSHint
$cmd = (phutil_is_windows()) ? 'where %s' : 'which %s';
list($err) = exec_manual($cmd, $bin);
list($err) = (phutil_is_windows()
? exec_manual('where %s', $bin)
: exec_manual('which %s', $bin));
if ($err) {
throw new ArcanistUsageException(
"JSHint does not appear to be installed on this system. Install it ".

View file

@ -60,8 +60,10 @@ final class ArcanistPyFlakesLinter extends ArcanistLinter {
$options = $this->getPyFlakesOptions();
$f = new ExecFuture(
"/usr/bin/env PYTHONPATH=%s\$PYTHONPATH ".
"{$pyflakes_bin} {$options}", $python_path);
'/usr/bin/env PYTHONPATH=%s$PYTHONPATH %s %C',
$python_path,
$pyflakes_bin,
$options);
$f->write($this->getData($path));
try {

View file

@ -206,9 +206,11 @@ final class ArcanistPyLintLinter extends ArcanistLinter {
try {
list($stdout, $_) = execx(
"/usr/bin/env PYTHONPATH=%s\$PYTHONPATH ".
"{$pylint_bin} {$options} {$path_on_disk}",
$python_path);
'/usr/bin/env PYTHONPATH=%s$PYTHONPATH %s %C %s',
$python_path,
$pylint_bin,
$options,
$path_on_disk);
} catch (CommandException $e) {
if ($e->getError() == 32) {
// According to ##man pylint## the exit status of 32 means there was a

View file

@ -157,7 +157,7 @@ final class ArcanistBaseCommitParser {
$matches = null;
if (preg_match('/^exec\((.*)\)$/', $name, $matches)) {
$root = $this->api->getWorkingCopyIdentity()->getProjectRoot();
$future = new ExecFuture($matches[1]);
$future = new ExecFuture('%C', $matches[1]);
$future->setCWD($root);
list($err, $stdout) = $future->resolve();
if (!$err) {

View file

@ -101,17 +101,15 @@ final class ArcanistBundle {
$path = Filesystem::resolvePath($path);
$future = new ExecFuture(
csprintf(
'tar tfO %s',
$path));
$path);
list($stdout, $file_list) = $future->resolvex();
$file_list = explode("\n", trim($file_list));
if (in_array('meta.json', $file_list)) {
$future = new ExecFuture(
csprintf(
'tar xfO %s meta.json',
$path));
$path);
$meta_info = $future->resolveJSON();
$version = idx($meta_info, 'version', 0);
$project_name = idx($meta_info, 'projectName');
@ -130,9 +128,8 @@ final class ArcanistBundle {
}
$future = new ExecFuture(
csprintf(
'tar xfO %s changes.json',
$path));
$path);
$changes = $future->resolveJSON();
foreach ($changes as $change_key => $change) {

View file

@ -25,8 +25,8 @@ EOTEXT
public function run() {
phutil_passthru(
dirname(phutil_get_library_root('arcanist')) . '/scripts/breakout.py'
);
'%s/scripts/breakout.py',
dirname(phutil_get_library_root('arcanist')));
}
}

View file

@ -868,7 +868,7 @@ EOTEXT
fwrite(STDERR, "Reading diff from stdin...\n");
$raw_diff = file_get_contents('php://stdin');
} else if ($this->getArgument('raw-command')) {
list($raw_diff) = execx($this->getArgument('raw-command'));
list($raw_diff) = execx('%C', $this->getArgument('raw-command'));
} else {
throw new Exception("Unknown raw diff source.");
}