nixos/test-driver: Avoid shell injection in machine.execute()

author: Anna Gillert <anna.gillert@cyberus-technology.de> 2022-04-11 19:16:03 +0200
committer: Anna Gillert <anna.gillert@cyberus-technology.de> 2022-04-21 10:54:00 +0200
commit: dbc95f15b8dad5224cbb6a52df979023db6cba98 (patch)
tree: 57c5d1f63a54245e823f142679c33a501343a612 /nixos/lib
parent: ed945aeb6e4278a3f1b3f137665ad47b79f525c9 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/nixos/lib/test-driver/test_driver/machine.py b/nixos/lib/test-driver/test_driver/machine.py
index ed2aceb965819..035e3ffe89731 100644
--- a/nixos/lib/test-driver/test_driver/machine.py
+++ b/nixos/lib/test-driver/test_driver/machine.py
@@ -529,10 +529,13 @@ class Machine:
         # Always run command with shell opts
         command = f"set -euo pipefail; {command}"
 
+        timeout_str = ""
         if timeout is not None:
-            command = f"timeout {timeout} sh -c {shlex.quote(command)}"
+            timeout_str = f"timeout {timeout}"
 
-        out_command = f"({command}) | (base64 --wrap 0; echo)\n"
+        out_command = (
+            f"{timeout_str} sh -c {shlex.quote(command)} | (base64 --wrap 0; echo)\n"
+        )
 
         assert self.shell
         self.shell.send(out_command.encode())
author	Anna Gillert <anna.gillert@cyberus-technology.de>	2022-04-11 19:16:03 +0200
committer	Anna Gillert <anna.gillert@cyberus-technology.de>	2022-04-21 10:54:00 +0200
commit	dbc95f15b8dad5224cbb6a52df979023db6cba98 (patch)
tree	57c5d1f63a54245e823f142679c33a501343a612 /nixos/lib
parent	ed945aeb6e4278a3f1b3f137665ad47b79f525c9 (diff)