From a9868b2dfc553330a845c820c2850b03900d1def Mon Sep 17 00:00:00 2001 From: Martin Roth Date: Sat, 27 Jan 2018 17:31:42 -0700 Subject: [PATCH] util/lint/checkpatch.pl: Untaint filename This fixes the warning that is seen on the jenkins server: Insecure dependency in piped open while running setgid at util/lint/checkpatch.pl line 958. Change-Id: I476efa76ef6a275584a47ec0ecf2315948d53e9d Signed-off-by: Martin Roth Reviewed-on: https://review.coreboot.org/23473 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel Reviewed-by: Arthur Heymans --- util/lint/checkpatch.pl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/util/lint/checkpatch.pl b/util/lint/checkpatch.pl index e9a0cc46fd..c35a0d6e89 100755 --- a/util/lint/checkpatch.pl +++ b/util/lint/checkpatch.pl @@ -951,6 +951,10 @@ if ($git) { my $vname; for my $filename (@ARGV) { my $FILE; + + # coreboot: Mark filename as untainted + $filename =~ /^(.*)$/s or die; $filename = $1; + if ($git) { open($FILE, '-|', "git format-patch -M --stdout -1 $filename") || die "$P: $filename: git format-patch failed - $!\n";