Bug 1283101 - pyrpkg.Commands.commit() does not quote commit message
Status: NEW
Product: Fedora EPEL
Classification: Fedora
Component: rpkg
Version: epel7
Hardware: Unspecified Unspecified
Priority: high
Severity: urgent
Assigned To: Dennis Gilmore
QA Contact: Fedora Extras Quality Assurance
Reported: 2015-11-18 04:36 EST by Miroslav Suchý
Modified: 2015-11-18 04:37 EST
Doc Type: Bug Fix
Type: Bug
Description Miroslav Suchý 2015-11-18 04:36:51 EST
Description of problem:
It seems that Commands.commit() passes the message to the system unquoted.
I can only imagine what will happen if you pass as message ";rm -rf /"...

This is what I get when I pass "Importing of forestdb":

Traceback (most recent call last):
  File "/usr/share/copr/dist_git/srpm_import.py", line 91, in actual_do_git_srpm_import
    commands.commit(message)
  File "/usr/lib/python2.7/site-packages/pyrpkg/__init__.py", line 1282, in commit
    self._run_command(cmd, cwd=self.path)
  File "/usr/lib/python2.7/site-packages/pyrpkg/__init__.py", line 903, in _run_command
    % (' '.join(cmd), proc.returncode, error))
rpkgError: Command git commit -m Import of forestdb 0.0.0-1013.gee2791a.el7.centos -a returned code 1 with error:


Version-Release number of selected component (if applicable):
pyrpkg-1.35-2.el7.noarch

How reproducible:
always

Steps to Reproduce:

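from pyrpkg import Commands

# repo_dir, git_base_url and src_filepath must be defined by the caller
# before this snippet runs.
commands = Commands(path=repo_dir,
                    lookaside="",
                    lookasidehash="md5",
                    lookaside_cgi="",
                    gitbaseurl=git_base_url,
                    anongiturl="",
                    branchre="",
                    kojiconfig="",
                    build_client="")
# Import the SRPM into the checkout, upload its sources, then commit.
upload_files = commands.import_srpm(src_filepath)
commands.upload(upload_files, replace=True)
commands.commit("This will fail")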
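
The following is an added example, not pyrpkg code and not part of the original report: it contrasts running a command as an argument list with handing a space-joined string to a shell, and shows a log rendering that keeps argument boundaries visible, unlike the ' '.join(cmd) rendering seen in the traceback above. The page does not show how _run_command actually executes the command, so the stand-in child process, the sample message and all function names here are assumptions; a POSIX sh is assumed for the shell case.

```python
import json
import shlex
import subprocess
import sys

# Harmless stand-in for "git" (assumption): prints the arguments it received as JSON.
ARGV_DUMPER = [sys.executable, "-c", "import json,sys; print(json.dumps(sys.argv[1:]))"]

# Constructed sample message containing a shell metacharacter (benign payload).
MESSAGE = "Import of forestdb; echo INJECTED"


def commit_cmd(message):
    # Same argument order as the command shown in the traceback.
    return ["commit", "-m", message, "-a"]


def run_as_list(cmd):
    """No shell involved: each list element reaches the child as one argument."""
    proc = subprocess.run(ARGV_DUMPER + cmd, check=True,
                          capture_output=True, text=True)
    return json.loads(proc.stdout)


def run_as_shell_string(cmd):
    """Weak form (POSIX sh assumed): the joined string is re-parsed by the shell."""
    line = " ".join(shlex.quote(a) for a in ARGV_DUMPER) + " " + " ".join(cmd)
    proc = subprocess.run(line, shell=True, check=True,
                          capture_output=True, text=True)
    return proc.stdout.splitlines()


def display(cmd):
    """Log/error rendering that keeps argument boundaries visible."""
    return " ".join(shlex.quote(a) for a in cmd)


if __name__ == "__main__":
    cmd = commit_cmd(MESSAGE)
    print(run_as_list(cmd))          # message arrives as a single argument
    print(run_as_shell_string(cmd))  # shell splits the message and runs "echo"
    print(" ".join(cmd))             # ambiguous rendering, as in the traceback
    print(display(cmd))              # unambiguous rendering
```

A space-joined rendering looks the same whether or not the command was run through a shell, so the error text alone does not tell which of the two cases applies.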
