Skip to content

Commit

Permalink
Don't mask rpm2cpio failure in Pkg._extract_rpm()
Browse files Browse the repository at this point in the history
  • Loading branch information
@dmach
dmach committed Aug 12, 2024
1 parent b756e42 commit 42cdb0d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rpmlint/pkg.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -610,7 +610,7 @@ def _extract_rpm(self, dirname, verbose):
subprocess.check_output('rpm2archive - | tar -xz && chmod -R +rX .', shell=True, env=ENGLISH_ENVIRONMENT,
stderr=stderr, stdin=rpm_data)
else:
command_str = f'rpm2cpio {quote(str(filename))} | cpio -id ; chmod -R +rX .'
command_str = f'rpm2cpio {quote(str(filename))} | cpio -id && chmod -R +rX .'

Check warning

Code scanning / CodeQL

Unsafe shell command constructed from library input Medium

This f-string which depends on
library input
Loading
is later used in a
shell command
Loading
.
This f-string which depends on
library input
Loading
is later used in a
shell command
Loading
.
This f-string which depends on
library input
Loading
is later used in a
shell command
Loading
.
This f-string which depends on
library input
Loading
is later used in a
shell command
Loading
.
This f-string which depends on
library input
Loading
is later used in a
shell command
Loading
.
This f-string which depends on
library input
Loading
is later used in a
shell command
Loading
.
This f-string which depends on
library input
Loading
is later used in a
shell command
Loading
.
subprocess.check_output(command_str, shell=True, env=ENGLISH_ENVIRONMENT, stderr=stderr)
self.extracted = True
return dirname
Expand Down

0 comments on commit 42cdb0d

Please sign in to comment.