author | Zac Medico <zmedico@gentoo.org> | 2019-11-07 20:52:42 -0800 |
---|---|---|
committer | Zac Medico <zmedico@gentoo.org> | 2019-11-07 20:54:37 -0800 |
commit | d156784fd7557e8f5ce8a6de5cd3a6a38a78e436 (patch) | |
tree | 3744cda162e64742822c11df432d3bf743855e0a | |
parent | repoman: ebuild.absdosym check: Detect absolute paths starting with ${D}, ${ED} etc. (diff) | |
repoman: fix unsafe string interpolation (bug 699508)
Reported-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
Bug: https://bugs.gentoo.org/699508
Signed-off-by: Zac Medico <zmedico@gentoo.org>
-rw-r--r-- | repoman/lib/repoman/modules/linechecks/controller.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/repoman/lib/repoman/modules/linechecks/controller.py b/repoman/lib/repoman/modules/linechecks/controller.py
index 7082a5d02..b468e348d 100644
--- a/repoman/lib/repoman/modules/linechecks/controller.py
+++ b/repoman/lib/repoman/modules/linechecks/controller.py
@@ -1,4 +1,6 @@
+from __future__ import unicode_literals
+
 import logging
 import operator
 import os
@@ -136,7 +138,8 @@ class LineCheckController(object):
 if not ignore or not ignore.match(line):
 e = lc.check(num, line)
 if e:
- yield lc.repoman_check_name, e % (num + 1)
+ # String interpolation on the variable e is unsafe because it can contain % characters.
+ yield lc.repoman_check_name, e.replace('on line: %d', 'on line: %d' % strnum + 1)
 for lc in checks:
 i = lc.end()
|
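Review bot: The new `yield` line in the second hunk references `strnum`, which no visible line defines (the removed line used `num`), and `'on line: %d' % strnum + 1` parses as `('on line: %d' % strnum) + 1`, so it would raise `TypeError` on str + int even if the name resolved. The replacement should read `yield lc.repoman_check_name, e.replace('on line: %d', 'on line: %d' % (num + 1))`. Because the substitution now depends on the literal substring `on line: %d`, a check message that spells the placeholder differently would be yielded with the line number left unfilled; the added comment could state that contract for authors of line checks. The enclosing generator method starts and ends outside the hunk, so whether `strnum` is bound earlier cannot be confirmed from here.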