diff options
| author | Martin Roth <martinroth@google.com> | 2018-01-27 17:31:42 -0700 |
|---|---|---|
| committer | Martin Roth <martinroth@google.com> | 2018-01-29 15:34:59 +0000 |
| commit | a9868b2dfc553330a845c820c2850b03900d1def (patch) | |
| tree | f38154748fa83700736c3f07c65fa56a4cc781f1 /util/lint/checkpatch.pl | |
| parent | 0f68b23aafc102926ccc833b228d098f5613f3e8 (diff) | |
| download | coreboot-a9868b2dfc553330a845c820c2850b03900d1def.tar.gz coreboot-a9868b2dfc553330a845c820c2850b03900d1def.tar.bz2 coreboot-a9868b2dfc553330a845c820c2850b03900d1def.zip | |
util/lint/checkpatch.pl: Untaint filename
This fixes the warning that is seen on the jenkins server:
Insecure dependency in piped open while running setgid at
util/lint/checkpatch.pl line 958.
Change-Id: I476efa76ef6a275584a47ec0ecf2315948d53e9d
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/23473
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Arthur Heymans <arthur@aheymans.xyz>
Diffstat (limited to 'util/lint/checkpatch.pl')
| -rwxr-xr-x | util/lint/checkpatch.pl | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/util/lint/checkpatch.pl b/util/lint/checkpatch.pl index e9a0cc46fdb4..c35a0d6e89da 100755 --- a/util/lint/checkpatch.pl +++ b/util/lint/checkpatch.pl @@ -951,6 +951,10 @@ if ($git) { my $vname; for my $filename (@ARGV) { my $FILE; + + # coreboot: Mark filename as untainted + $filename =~ /^(.*)$/s or die; $filename = $1; + if ($git) { open($FILE, '-|', "git format-patch -M --stdout -1 $filename") || die "$P: $filename: git format-patch failed - $!\n"; |