Use subprocess to Avoid shell injection in shutil module - fork/pypy.git

diff options

author	Hervé Beraud <hberaud@redhat.com>	2018-09-24 10:33:59 +0200
committer	Hervé Beraud <hberaud@redhat.com>	2018-09-24 10:33:59 +0200
commit	8a43ac9d420b088807be911aa5ee34e9de326c65 (patch)
tree	7e385986d1fc8715783c2e8f3f991f0cd3dba4eb /lib-python/2.7/StringIO.py
parent	fix error message (diff)
download	pypy-8a43ac9d420b088807be911aa5ee34e9de326c65.tar.gz pypy-8a43ac9d420b088807be911aa5ee34e9de326c65.tar.bz2 pypy-8a43ac9d420b088807be911aa5ee34e9de326c65.zip

Use subprocess to Avoid shell injection in shutil module

Convert shutil._call_external_zip to use subprocess rather than distutlils.spawn Subject: When shutil.make_archive falls back to te external zip problem, it use subprocess to invoke it rather than distutils.spawn. This closes a possible shell injection vector. distutils.spawn isn't very good at quoting command lines. Resolve: https://bugs.python.org/issue34540 Original-Author: Benjamin Peterson <benjamin@python.org>

Diffstat (limited to 'lib-python/2.7/StringIO.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: