util/lint/checkpatch: Untaint variables from env & command line
Jenkins is giving warnings due tainted variables from the environment and command line: Insecure $ENV{PATH} while running setgid at util/lint/checkpatch.pl line 907, <$conststructs> line 39. Insecure dependency in piped open while running setgid at util/lint/checkpatch.pl line 907, <$conststructs> line 39. This should fix those warnings. Change-Id: I6a09915d13547bf9a86c011d44cbcd39c46f3fec Signed-off-by: Martin Roth <martinroth@google.com> Reviewed-on: https://review.coreboot.org/21293 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
This commit is contained in:
parent
aaebb415d7
commit
1f3daeab41
|
@ -59,6 +59,13 @@ my $conststructsfile = "$D/const_structs.checkpatch";
|
|||
my $color = 1;
|
||||
my $allow_c99_comments = 1;
|
||||
|
||||
# For coreboot jenkins
|
||||
# If taint mode is enabled, Untaint the path - files must be in /bin, /usr/bin or /usr/local/bin
|
||||
if ( ${^TAINT} ) {
|
||||
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';
|
||||
delete @ENV{ 'IFS', 'CDPATH', 'ENV', 'BASH_ENV' };
|
||||
}
|
||||
|
||||
sub help {
|
||||
my ($exitcode) = @_;
|
||||
|
||||
|
@ -898,8 +905,9 @@ if ($git) {
|
|||
}
|
||||
|
||||
my $vname;
|
||||
for my $filename (@ARGV) {
|
||||
for my $f (@ARGV) {
|
||||
my $FILE;
|
||||
my ($filename) = ($f =~ /^(.*)$/);
|
||||
if ($git) {
|
||||
open($FILE, '-|', "git format-patch -M --stdout -1 $filename") ||
|
||||
die "$P: $filename: git format-patch failed - $!\n";
|
||||
|
|
Loading…
Reference in New Issue