git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

perl: harden external command invocations

Browse Source 
In `adddocsref.pl`, `checksrc-all.pl`, `singleuse.pl` and tests 307, 1013,
1022, 1275, 1707, 1708, 1710.

Closes #21097
This commit is contained in:
Viktor Szakats 2026-03-22 02:42:17 +01:00
parent a56ab9dbc8
commit 20914e3753
No known key found for this signature in database
11 changed files with 24 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/examples/adddocsref.pl
View File

@ -28,6 +28,8 @@
use strict; use strict;
use warnings; use warnings;
use File::Copy;
my $docroot="https://curl.se/libcurl/c"; my $docroot="https://curl.se/libcurl/c";
for my $f (@ARGV) { for my $f (@ARGV) {
@ -56,6 +58,6 @@ for my $f (@ARGV) {
close(F); close(F);
close(NEW); close(NEW);
system("mv $f $f.org"); move($f, "$f.org");
system("mv $f.new $f"); move("$f.new", $f);
} }

5
scripts/checksrc-all.pl
View File

@ -13,7 +13,7 @@ use Cwd 'abs_path';
my @files; my @files;
my $is_git = 0; my $is_git = 0;
if(system('git rev-parse --is-inside-work-tree >/dev/null 2>&1') == 0) { if(system('git rev-parse --is-inside-work-tree >/dev/null 2>&1') == 0) {
@files = `git ls-files \"*.[ch]\"`; open(O, '-|', 'git', 'ls-files', '*.[ch]') || die; push @files, <O>; close(O);
$is_git = 1; $is_git = 1;
} }
else { else {
@ -33,7 +33,8 @@ my $anyfailed = 0;
for my $dir (@dirs) { for my $dir (@dirs) {
if($is_git) { if($is_git) {
@files = `git ls-files \"$dir/*.[ch]\"`; @files = ();
open(O, '-|', 'git', 'ls-files', "$dir/*.[ch]") || die; push @files, <O>; close(O);
chomp(@files); chomp(@files);
} }
else { else {

9
scripts/singleuse.pl
View File

@ -36,9 +36,9 @@
use strict; use strict;
use warnings; use warnings;
my $unittests=""; my @unittests;
if(@ARGV && $ARGV[0] eq "--unit") { if(@ARGV && $ARGV[0] eq "--unit") {
$unittests = "tests/unit "; push @unittests, 'tests/unit';
shift @ARGV; shift @ARGV;
} }
@ -167,7 +167,7 @@ my %api = (
sub doublecheck { sub doublecheck {
my ($f, $used) = @_; my ($f, $used) = @_;
open(F, "git grep -Fwle '$f' -- lib ${unittests}projects|"); open(F, '-|', 'git', 'grep', '-Fwle', $f, '--', 'lib', @unittests, 'projects');
my @also; my @also;
while(<F>) { while(<F>) {
my $e = $_; my $e = $_;
@ -182,8 +182,7 @@ sub doublecheck {
return @also; return @also;
} }
open(N, "nm $file|") || open(N, '-|', 'nm', $file) || die;
die;
my %exist; my %exist;
my %uses; my %uses;

2
tests/data/test1707
View File

@ -17,7 +17,7 @@ Verify curl -h --insecure
</name> </name>
<command type="perl"> <command type="perl">
%SRCDIR/test1707.pl %CURL --insecure %LOGDIR/help%TESTNUMBER ../docs/cmdline-opts/curl.txt %SRCDIR/test1707.pl %CURL --insecure ../docs/cmdline-opts/curl.txt
</command> </command>
</client> </client>

2
tests/data/test1708
View File

@ -17,7 +17,7 @@ Verify curl -h -F
</name> </name>
<command type="perl"> <command type="perl">
%SRCDIR/test1707.pl %CURL -F %LOGDIR/help%TESTNUMBER ../docs/cmdline-opts/curl.txt %SRCDIR/test1707.pl %CURL -F ../docs/cmdline-opts/curl.txt
</command> </command>
</client> </client>

2
tests/data/test1710
View File

@ -17,7 +17,7 @@ Verify curl -h --no-clobber
</name> </name>
<command type="perl"> <command type="perl">
%SRCDIR/test1707.pl %CURL --no-clobber %LOGDIR/help%TESTNUMBER ../docs/cmdline-opts/curl.txt %SRCDIR/test1707.pl %CURL --no-clobber ../docs/cmdline-opts/curl.txt
</command> </command>
</client> </client>

2
tests/libtest/test1013.pl
View File

@ -48,7 +48,7 @@ my @curl = split / /,$1;
# Read the output of curl-config # Read the output of curl-config
my @curl_config; my @curl_config;
open(CURLCONFIG, "sh $ARGV[0] --$what|") || die "Cannot get curl-config $what list\n"; open(CURLCONFIG, '-|', 'sh', $ARGV[0], "--$what") || die "Cannot get curl-config $what list\n";
while(<CURLCONFIG>) { while(<CURLCONFIG>) {
chomp; chomp;
$_ = lc($_) if($what eq "protocols"); # accept uppercase protocols in curl-config $_ = lc($_) if($what eq "protocols"); # accept uppercase protocols in curl-config

2
tests/libtest/test1022.pl
View File

@ -44,7 +44,7 @@ close CURL;
my $curlconfigversion; my $curlconfigversion;
# Read the output of curl-config --version/--vernum # Read the output of curl-config --version/--vernum
open(CURLCONFIG, "sh $ARGV[0] --$what|") || die "Cannot get curl-config --$what list\n"; open(CURLCONFIG, '-|', 'sh', $ARGV[0], "--$what") || die "Cannot get curl-config --$what list\n";
$_ = <CURLCONFIG>; $_ = <CURLCONFIG>;
chomp; chomp;
my $filever=$_; my $filever=$_;

2
tests/libtest/test307.pl
View File

@ -30,7 +30,7 @@ if($#ARGV != 0) {
print "Usage: $0 curl-executable\n"; print "Usage: $0 curl-executable\n";
exit 3; exit 3;
} }
if(!open(CURL, "$ARGV[0] -s --engine list|")) { if(!open(CURL, '-|', $ARGV[0], '-s', '--engine', 'list')) {
print "Cannot get SSL engine list\n"; print "Cannot get SSL engine list\n";
exit 2; exit 2;
} }

6
tests/test1275.pl
View File

@ -28,7 +28,11 @@ use warnings;
my $root=$ARGV[0] || ".."; my $root=$ARGV[0] || "..";
my @m = `git ls-files -- $root`; my @m;
if(open(O, '-|', 'git', 'ls-files', '--', $root)) {
push @m, <O>;
close(O);
}
my $errors = 0; my $errors = 0;

9
tests/test1707.pl
View File

@ -32,7 +32,6 @@ use warnings;
my $curl = shift @ARGV; my $curl = shift @ARGV;
my $opt = shift @ARGV; my $opt = shift @ARGV;
my $output = shift @ARGV;
my $txt = shift @ARGV; my $txt = shift @ARGV;
my $longopt; my $longopt;
@ -45,14 +44,10 @@ else {
} }
# first run the help command # first run the help command
system("$curl -h $opt > $output"); my @curlout; open(O, '-|', $curl, '-h', $opt) || die; push @curlout, <O>; close(O);
my @curlout;
open(O, "<$output");
push @curlout, <O>;
close(O);
# figure out the short+long option combo using -h all*/ # figure out the short+long option combo using -h all*/
open(C, "$curl -h all|"); open(C, '-|', $curl, '-h', 'all');
if($shortopt) { if($shortopt) {
while(<C>) { while(<C>) {
if(/^ +$opt, ([^ ]*)/) { if(/^ +$opt, ([^ ]*)/) {