diff options
author | Anna Gillert <anna.gillert@cyberus-technology.de> | 2022-04-11 19:16:03 +0200 |
---|---|---|
committer | Anna Gillert <anna.gillert@cyberus-technology.de> | 2022-04-21 10:54:00 +0200 |
commit | dbc95f15b8dad5224cbb6a52df979023db6cba98 (patch) | |
tree | 57c5d1f63a54245e823f142679c33a501343a612 /nixos/lib/test-driver | |
parent | ed945aeb6e4278a3f1b3f137665ad47b79f525c9 (diff) |
nixos/test-driver: Avoid shell injection in machine.execute()
Diffstat (limited to 'nixos/lib/test-driver')
-rw-r--r-- | nixos/lib/test-driver/test_driver/machine.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/nixos/lib/test-driver/test_driver/machine.py b/nixos/lib/test-driver/test_driver/machine.py index ed2aceb965819..035e3ffe89731 100644 --- a/nixos/lib/test-driver/test_driver/machine.py +++ b/nixos/lib/test-driver/test_driver/machine.py @@ -529,10 +529,13 @@ class Machine: # Always run command with shell opts command = f"set -euo pipefail; {command}" + timeout_str = "" if timeout is not None: - command = f"timeout {timeout} sh -c {shlex.quote(command)}" + timeout_str = f"timeout {timeout}" - out_command = f"({command}) | (base64 --wrap 0; echo)\n" + out_command = ( + f"{timeout_str} sh -c {shlex.quote(command)} | (base64 --wrap 0; echo)\n" + ) assert self.shell self.shell.send(out_command.encode()) |