[PATCH][kteam-tools 2/2] maint-startnewrelease: add --pool flag
Marcelo Cerri
marcelo.cerri at canonical.com
Fri Apr 28 17:11:27 UTC 2017
On Fri, Apr 28, 2017 at 11:44:34AM +0100, Andy Whitcroft wrote:
> On Fri, Apr 28, 2017 at 02:08:48AM -0300, Marcelo Henrique Cerri wrote:
> > + for repo in opts.additional_repos:
> > + cmd += " --pool '%s'" % repo
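Review bot: the `cmd += " --pool '%s'" % repo` line relies on hand-written single quotes to protect each value in opts.additional_repos, so any repo string that itself contains a ' closes the quoting early, and if cmd is later handed to a shell the remainder is parsed as shell syntax. Rather than filtering or percent-encoding that one character, quote each value with the standard library helper (pipes.quote on Python 2, shlex.quote on Python 3) before appending it. Alternatively, build the command as a list of arguments and run it without a shell, which removes the quoting problem entirely.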
>
> That is vulnerable to ' injection on the command line. Then again they
> could just run it direct.
I can reject any URL containing ' or replace it with %27. But do you
think it's really necessary?
--
Regards,
Marcelo