[PATCH][kteam-tools 2/2] maint-startnewrelease: add --pool flag

Marcelo Cerri marcelo.cerri at canonical.com
Fri Apr 28 17:11:27 UTC 2017


On Fri, Apr 28, 2017 at 11:44:34AM +0100, Andy Whitcroft wrote:
> On Fri, Apr 28, 2017 at 02:08:48AM -0300, Marcelo Henrique Cerri wrote:
> > +	for repo in opts.additional_repos:
> > +		cmd += " --pool '%s'" % repo
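Review bot: On the `cmd += " --pool '%s'" % repo` line, each value from opts.additional_repos is wrapped in literal single quotes with no escaping, so a value that itself contains ' ends the quoting early and the rest of it is parsed as separate words of the command. If cmd is later handed to a shell, escape each value with a quoting helper (pipes.quote, or shlex.quote on Python 3) instead of hand-written quotes, or build the command as an argument list so that no shell parsing is involved.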
> 
> That is vulnerable to ' injection on the command line.  Then again they
> could just run it direct.

I can reject any URL containing ' or replace it with %27. But do you
think it's really necessary?

-- 
Regards,
Marcelo
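
An added example, not part of the original thread or of kteam-tools: it compares the quoting used in the quoted hunk with Python 3's shlex.quote and with the %27 replacement mentioned in the reply, using shlex.split to show the argument vector a POSIX shell would derive from each command string. The command name `tool`, the helper names and the sample URL are constructed for illustration.

```python
import shlex

# Constructed sample value containing a single quote (not from the thread).
SAMPLE = "http://example.invalid/pool' --extra 'x"


def build_naive(repos):
    """Same construction as the quoted hunk: literal quotes, no escaping."""
    cmd = "tool"  # placeholder command name (assumption)
    for repo in repos:
        cmd += " --pool '%s'" % repo
    return cmd


def build_quoted(repos):
    """Let shlex.quote escape the value for a POSIX shell."""
    cmd = "tool"
    for repo in repos:
        cmd += " --pool " + shlex.quote(repo)
    return cmd


def build_percent_encoded(repos):
    """The %27 option from the reply: rewrite ' before wrapping in quotes."""
    cmd = "tool"
    for repo in repos:
        cmd += " --pool '%s'" % repo.replace("'", "%27")
    return cmd


def argv_as_shell_sees_it(cmd):
    """Split with POSIX shell quoting rules; nothing is executed."""
    return shlex.split(cmd)


if __name__ == "__main__":
    for build in (build_naive, build_quoted, build_percent_encoded):
        cmd = build([SAMPLE])
        print(build.__name__)
        print("  command:", cmd)
        print("  argv:   ", argv_as_shell_sees_it(cmd))
```

With the naive form the one value becomes three extra words; shlex.quote keeps it as a single argument with the original bytes, while the %27 replacement keeps it as a single argument but changes the value the tool receives.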




