[Git][reproducible-builds/diffoscope][master] Drop the (default) subprocess.Popen(shell=False) keyword argument so that the...
Chris Lamb
gitlab at salsa.debian.org
Wed May 27 09:26:03 UTC 2020
Chris Lamb pushed to branch master at Reproducible Builds / diffoscope
Commits:
39c9831c by Chris Lamb at 2020-05-27T10:25:29+01:00
Drop the (default) subprocess.Popen(shell=False) keyword argument so that the more unsafe shell=True is more obvious.
- - - - -
18 changed files:
- diffoscope/changes.py
- diffoscope/comparators/apk.py
- diffoscope/comparators/bzip2.py
- diffoscope/comparators/cbfs.py
- diffoscope/comparators/dex.py
- diffoscope/comparators/directory.py
- diffoscope/comparators/elf.py
- diffoscope/comparators/gzip.py
- diffoscope/comparators/iso9660.py
- diffoscope/comparators/lz4.py
- diffoscope/comparators/ppu.py
- diffoscope/comparators/rpm.py
- diffoscope/comparators/utils/command.py
- diffoscope/comparators/utils/file.py
- diffoscope/comparators/xz.py
- diffoscope/comparators/zst.py
- tests/comparators/test_binary.py
- tests/comparators/test_cbfs.py
Changes:
=====================================
diffoscope/changes.py
=====================================
@@ -255,7 +255,7 @@ class Changes:
pipe = subprocess.Popen(
["gpg", "--status-fd", "1", "--verify", "--batch",
self.get_changes_file()],
- shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE)
gpg_output, gpg_output_stderr = pipe.communicate()
if pipe.returncode != 0:
=====================================
diffoscope/comparators/apk.py
=====================================
@@ -65,7 +65,6 @@ class ApkContainer(Archive):
self._unpacked,
self.source.path,
),
- shell=False,
stderr=None,
stdout=subprocess.PIPE,
)
=====================================
diffoscope/comparators/bzip2.py
=====================================
@@ -47,7 +47,6 @@ class Bzip2Container(Archive):
with open(dest_path, "wb") as fp:
subprocess.check_call(
["bzip2", "--decompress", "--stdout", self.source.path],
- shell=False,
stdout=fp,
stderr=subprocess.PIPE,
)
=====================================
diffoscope/comparators/cbfs.py
=====================================
@@ -54,7 +54,7 @@ class CbfsContainer(Archive):
@tool_required("cbfstool")
def entries(self, path):
cmd = ["cbfstool", path, "print"]
- output = subprocess.check_output(cmd, shell=False).decode("utf-8")
+ output = subprocess.check_output(cmd).decode("utf-8")
header = True
for line in output.rstrip("\n").split("\n"):
if header:
@@ -89,7 +89,7 @@ class CbfsContainer(Archive):
]
logger.debug("cbfstool extract %s to %s", member_name, dest_path)
subprocess.check_call(
- cmd, shell=False, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL
+ cmd, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL
)
return dest_path
=====================================
diffoscope/comparators/dex.py
=====================================
@@ -51,7 +51,6 @@ class DexContainer(Archive):
logger.debug("dex extracting to %s", dest_path)
subprocess.check_call(
["enjarify", "-o", dest_path, self.source.path],
- shell=False,
stderr=None,
stdout=subprocess.PIPE,
)
=====================================
diffoscope/comparators/directory.py
=====================================
@@ -99,7 +99,7 @@ def lsattr(path):
try:
output = subprocess.check_output(
- ["lsattr", "-d", path], shell=False, stderr=subprocess.STDOUT
+ ["lsattr", "-d", path], stderr=subprocess.STDOUT
).decode("utf-8")
return output.split()[0]
except subprocess.CalledProcessError as e:
=====================================
diffoscope/comparators/elf.py
=====================================
@@ -171,7 +171,6 @@ class ReadElfSection(Readelf):
if not hasattr(ReadElfSection, "_base_options"):
output = subprocess.check_output(
[get_tool_name("readelf"), "--help"],
- shell=False,
stderr=subprocess.DEVNULL,
).decode("us-ascii", errors="replace")
=====================================
diffoscope/comparators/gzip.py
=====================================
@@ -48,7 +48,6 @@ class GzipContainer(Archive):
with open(dest_path, "wb") as fp:
subprocess.check_call(
["gzip", "--decompress", "--stdout", self.source.path],
- shell=False,
stdout=fp,
stderr=None,
)
=====================================
diffoscope/comparators/iso9660.py
=====================================
@@ -40,7 +40,6 @@ def get_iso9660_names(path):
"-i",
path,
),
- shell=False,
)
.strip()
.split("\n")
=====================================
diffoscope/comparators/lz4.py
=====================================
@@ -47,10 +47,7 @@ class Lz4Container(Archive):
logger.debug("lz4 extracting to %s", dest_path)
with open(dest_path, "wb") as fp:
subprocess.check_call(
- ["lz4", "-d", "-c", self.source.path],
- shell=False,
- stdout=fp,
- stderr=None,
+ ["lz4", "-d", "-c", self.source.path], stdout=fp, stderr=None,
)
return dest_path
=====================================
diffoscope/comparators/ppu.py
=====================================
@@ -80,7 +80,6 @@ class PpuFile(File):
with profile("command", "ppudump"):
subprocess.check_output(
["ppudump", "-vh", file.path],
- shell=False,
stderr=subprocess.STDOUT,
)
PpuFile.ppu_version = ppu_version
=====================================
diffoscope/comparators/rpm.py
=====================================
@@ -102,9 +102,7 @@ class RpmContainer(Archive):
dest_path = os.path.join(dest_dir, "content")
cmd = ["rpm2cpio", self.source.path]
with open(dest_path, "wb") as dest:
- subprocess.check_call(
- cmd, shell=False, stdout=dest, stderr=subprocess.PIPE
- )
+ subprocess.check_call(cmd, stdout=dest, stderr=subprocess.PIPE)
return dest_path
=====================================
diffoscope/comparators/utils/command.py
=====================================
@@ -46,7 +46,6 @@ class Command(metaclass=abc.ABCMeta):
# don't) shell is still the most readable option for composing processes
self._process = subprocess.run(
self.cmdline(),
- shell=False,
close_fds=True,
env=self.env(),
input=self.input(),
=====================================
diffoscope/comparators/utils/file.py
=====================================
@@ -450,9 +450,7 @@ class File(metaclass=abc.ABCMeta):
def cmp_external(self, other):
return (
subprocess.call(
- ("cmp", "-s", self.path, other.path),
- shell=False,
- close_fds=True,
+ ("cmp", "-s", self.path, other.path), close_fds=True,
)
== 0
)
=====================================
diffoscope/comparators/xz.py
=====================================
@@ -48,7 +48,6 @@ class XzContainer(Archive):
with open(dest_path, "wb") as fp:
subprocess.check_call(
["xz", "--decompress", "--stdout", self.source.path],
- shell=False,
stdout=fp,
stderr=None,
)
=====================================
diffoscope/comparators/zst.py
=====================================
@@ -47,10 +47,7 @@ class ZstContainer(Archive):
logger.debug("zstd extracting to %s", dest_path)
with open(dest_path, "wb") as fp:
subprocess.check_call(
- ["zstd", "-d", "-c", self.source.path],
- shell=False,
- stdout=fp,
- stderr=None,
+ ["zstd", "-d", "-c", self.source.path], stdout=fp, stderr=None,
)
return dest_path
=====================================
tests/comparators/test_binary.py
=====================================
@@ -173,7 +173,7 @@ def test_with_compare_details_and_parsing_error():
class MockFile(FilesystemFile):
def compare_details(self, other, source=None):
- subprocess.check_output(["sh", "-c", "exit 0"], shell=False)
+ subprocess.check_output(["sh", "-c", "exit 0"])
raise OutputParsingError("sh", self)
difference = MockFile(TEST_FILE1_PATH).compare(MockFile(TEST_FILE2_PATH))
@@ -188,7 +188,7 @@ def test_with_compare_details_and_extraction_error():
class MockFile(FilesystemFile):
def compare_details(self, other, source=None):
- subprocess.check_output(["sh", "-c", "exit 0"], shell=False)
+ subprocess.check_output(["sh", "-c", "exit 0"])
raise ContainerExtractionError(self.path, Exception())
difference = MockFile(TEST_FILE1_PATH).compare(MockFile(TEST_FILE2_PATH))
=====================================
tests/comparators/test_cbfs.py
=====================================
@@ -41,7 +41,7 @@ def rom1(tmpdir):
path = str(tmpdir.join("coreboot1"))
subprocess.check_call(
- ("cbfstool", path, "create", "-m", "x86", "-s", "32768"), shell=False
+ ("cbfstool", path, "create", "-m", "x86", "-s", "32768")
)
subprocess.check_call(
@@ -56,7 +56,6 @@ def rom1(tmpdir):
"-t",
"raw",
),
- shell=False,
)
return specialize(FilesystemFile(path))
@@ -69,7 +68,6 @@ def rom2(tmpdir):
subprocess.check_call(
("cbfstool", path, "create", "-m", "x86", "-s", "%s" % size),
- shell=False,
)
subprocess.check_call(
View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/39c9831c42b4f49b047d6aad620d78e84c8bec8d
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/39c9831c42b4f49b047d6aad620d78e84c8bec8d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20200527/aec9a960/attachment.htm>
More information about the rb-commits
mailing list