Update RocksDBCommonHelper to use escapeshellarg

Summary:
Most of the data used here in shell commands is not generated directly from user input, but some data (i.e. from environment variables) may have been externally influenced. It is good practice to escape this data before using it in a shell command.

Originally D4800264 but we never quite got it merged.

Reviewed By: yiwu-arbug

Differential Revision: D5595052

fbshipit-source-id: c09d8b47fe35fc6a47afb4933ccad9d56ca8d7be
Neal Poole 7 years ago committed by Facebook Github Bot
parent e367774d19
commit dfa6c23c4b
  1. 50
      build_tools/RocksDBCommonHelper.php

@ -21,11 +21,17 @@ function postURL($diffID, $url) {
assert(is_numeric($diffID)); assert(is_numeric($diffID));
assert(strlen($url) > 0); assert(strlen($url) > 0);
$cmd = 'echo \'{"diff_id": ' . $diffID . ', ' $cmd_args = array(
. '"name":"click here for sandcastle tests for D' . $diffID . '", ' 'diff_id' => (int)$diffID,
. '"link":"' . $url . '"}\' | ' 'name' => sprintf(
. 'arc call-conduit ' 'click here for sandcastle tests for D%d',
. 'differential.updateunitresults'; (int)$diffID
),
'link' => $url
);
$cmd = 'echo ' . escapeshellarg(json_encode($cmd_args))
. ' | arc call-conduit differential.updateunitresults';
shell_exec($cmd); shell_exec($cmd);
} }
@ -35,11 +41,15 @@ function buildUpdateTestStatusCmd($diffID, $test, $status) {
assert(strlen($test) > 0); assert(strlen($test) > 0);
assert(strlen($status) > 0); assert(strlen($status) > 0);
$cmd = 'echo \'{"diff_id": ' . $diffID . ', ' $cmd_args = array(
. '"name":"' . $test . '", ' 'diff_id' => (int)$diffID,
. '"result":"' . $status . '"}\' | ' 'name' => $test,
. 'arc call-conduit ' 'result' => $status
. 'differential.updateunitresults'; );
$cmd = 'echo ' . escapeshellarg(json_encode($cmd_args))
. ' | arc call-conduit differential.updateunitresults';
return $cmd; return $cmd;
} }
@ -68,7 +78,7 @@ function getSteps($applyDiff, $diffID, $username, $test) {
// and authenticate using that in Sandcastle. // and authenticate using that in Sandcastle.
$setup = array( $setup = array(
"name" => "Setup arcrc", "name" => "Setup arcrc",
"shell" => "echo " . $arcrc_content . " | base64 --decode" "shell" => "echo " . escapeshellarg($arcrc_content) . " | base64 --decode"
. " | gzip -d > ~/.arcrc", . " | gzip -d > ~/.arcrc",
"user" => "root" "user" => "root"
); );
@ -114,7 +124,7 @@ function getSteps($applyDiff, $diffID, $username, $test) {
$patch = array( $patch = array(
"name" => "Patch " . $diffID, "name" => "Patch " . $diffID,
"shell" => "arc --arcrc-file ~/.arcrc " "shell" => "arc --arcrc-file ~/.arcrc "
. "patch --nocommit --diff " . $diffID, . "patch --nocommit --diff " . escapeshellarg($diffID),
"user" => "root" "user" => "root"
); );
@ -125,8 +135,8 @@ function getSteps($applyDiff, $diffID, $username, $test) {
} }
// Run the actual command. // Run the actual command.
$cmd = $cmd . "J=$(nproc) ./build_tools/precommit_checker.py " . $test $cmd = $cmd . "J=$(nproc) ./build_tools/precommit_checker.py " .
. "; exit_code=$?; "; escapeshellarg($test) . "; exit_code=$?; ";
if ($applyDiff) { if ($applyDiff) {
$cmd = $cmd . "([[ \$exit_code -eq 0 ]] &&" $cmd = $cmd . "([[ \$exit_code -eq 0 ]] &&"
@ -159,7 +169,7 @@ function getSteps($applyDiff, $diffID, $username, $test) {
"name" => "Run " . $test, "name" => "Run " . $test,
"shell" => $cmd, "shell" => $cmd,
"user" => "root", "user" => "root",
"parser" => "python build_tools/error_filter.py " . $test, "parser" => "python build_tools/error_filter.py " . escapeshellarg($test),
); );
$steps[] = $run_test; $steps[] = $run_test;
@ -207,7 +217,7 @@ function getSandcastleConfig() {
if (file_exists(PRIMARY_TOKEN_FILE)) { if (file_exists(PRIMARY_TOKEN_FILE)) {
$cmd = 'cat ' . PRIMARY_TOKEN_FILE; $cmd = 'cat ' . PRIMARY_TOKEN_FILE;
} else { } else {
$cmd = 'cat ' . $cwd_token_file; $cmd = 'cat ' . escapeshellarg($cwd_token_file);
} }
assert(strlen($cmd) > 0); assert(strlen($cmd) > 0);
@ -331,9 +341,11 @@ function getSandcastleConfig() {
$app = $sandcastle_config[0]; $app = $sandcastle_config[0];
$token = $sandcastle_config[1]; $token = $sandcastle_config[1];
$cmd = 'curl -s -k -F app=' . $app . ' ' $cmd = 'curl -s -k '
. '-F token=' . $token . ' -F job=\'' . json_encode($job) . ' -F app=' . escapeshellarg($app)
.'\' "' . $url . '"'; . ' -F token=' . escapeshellarg($token)
. ' -F job=' . escapeshellarg(json_encode($job))
.' ' . escapeshellarg($url);
$output = shell_exec($cmd); $output = shell_exec($cmd);
assert(strlen($output) > 0); assert(strlen($output) > 0);
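Review bot: In the getSandcastleConfig hunk the quoting is now correct, but the token is still handed to curl as a command-line argument (`-F token=...`) and the request still runs with `-k`, so the secret stays visible to other local users through the process list and the certificate of `$url` is never verified; escapeshellarg() changes neither of those. Since these are exactly the lines being rewritten, consider moving the call off the shell to the curl extension (curl_init with CURLOPT_POSTFIELDS) or, at minimum, dropping `-k` unless the endpoint's certificate genuinely cannot be validated. Separately, json_encode() returns false on failure (for example invalid UTF-8 in `$url` or `$test`), which escapeshellarg() silently turns into an empty argument; a guard in the file's existing assert style, `$json = json_encode($job); assert($json !== false);`, would surface that here, and the same applies to the json_encode calls in postURL and buildUpdateTestStatusCmd. getSandcastleConfig's body starts and ends outside the hunk.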
