Page MenuHomeSoftware Heritage
Differential D474

Use proper parameter substitution.
ClosedPublic
Actions

Authored by vlorentz on Oct 4 2018, 11:10 AM.

Details

Reviewers
ardumont
moranegg
Group Reviewers
Reviewers
Commits
rDSNIPd712e80d3d33: Use proper parameter substitution.
Summary

This avoids bugs/vulnerability with filenames containing a quote.

Diff Detail

Repository
rDSNIP Code snippets
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

vlorentz created this revision.Oct 4 2018, 11:10 AM
Herald added a reviewer: Reviewers. · View Herald TranscriptOct 4 2018, 11:10 AM
Harbormaster completed remote builds in B1503: Diff 1440.Oct 4 2018, 11:10 AM
vlorentz marked an inline comment as done.Oct 4 2018, 11:12 AM
vlorentz added inline comments.
morane/crossminer_launch.py
78

Note that the substitution is done inside this call, by psycopg itself, after parsing the query; instead of making the data directly in the code.

ardumont accepted this revision.Oct 4 2018, 11:14 AM
This revision is now accepted and ready to land.Oct 4 2018, 11:14 AM
Closed by commit rDSNIPd712e80d3d33: Use proper parameter substitution. (authored by vlorentz). · Explain WhyOct 4 2018, 11:32 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
morane/
15 lines

Diff 1443

View Options

morane/crossminer_launch.py

Loading...
About · Developer information · Legal