repoman: fix unsafe string interpolation (bug 699508)

Reported-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
Bug: https://bugs.gentoo.org/699508
Signed-off-by: Zac Medico <zmedico@gentoo.org>

1 files changed, 4 insertions, 1 deletions

diff --git a/repoman/lib/repoman/modules/linechecks/controller.py b/repoman/lib/repoman/modules/linechecks/controller.py
index 7082a5d02..b468e348d 100644
--- a/repoman/lib/repoman/modules/linechecks/controller.py
+++ b/repoman/lib/repoman/modules/linechecks/controller.py
@@ -1,4 +1,6 @@
 
+from __future__ import unicode_literals
+
 import logging
 import operator
 import os
@@ -136,7 +138,8 @@ class LineCheckController(object):
 						if not ignore or not ignore.match(line):
 							e = lc.check(num, line)
 							if e:
-								yield lc.repoman_check_name, e % (num + 1)
+								# String interpolation on the variable e is unsafe because it can contain % characters.
+								yield lc.repoman_check_name, e.replace('on line: %d', 'on line: %d' % strnum + 1)
 
 		for lc in checks:
 			i = lc.end()