authorD German <dmg@uvic.ca>2017-03-26 15:32:58 -0700
committerD German <dmg@uvic.ca>2017-03-26 15:32:58 -0700
commit75fb67c36a1c4dcec6b9b2c4e7102a1000066c4f (patch)
tree6bcdcd46970510696ca6bdf3b9e7e709c71c3676
parent5178cd486efc619c68aeedc7988c58940ccef645 (diff)
downloadninka-75fb67c36a1c4dcec6b9b2c4e7102a1000066c4f.tar.gz
Avoid execution of files that include & in the filename
-rw-r--r--Changes7
-rw-r--r--lib/Ninka.pm4
-rw-r--r--lib/Ninka/CommentExtractor.pm4
3 files changed, 13 insertions, 2 deletions
diff --git a/Changes b/Changes
index 04ec33e..9fb1c89 100644
--- a/Changes
+++ b/Changes
@@ -1,3 +1,10 @@
+2017-03-26 Daniel M. German <dmg@uvic.ca>
+
+ * lib/Ninka/CommentExtractor.pm (execute_command):
+ Added check to make sure no spurious command is executed
+
+ * Changed version to 1.3.1
+
2015-05-11 dmg <dmg@uvic.ca>
* Released version 1.3
diff --git a/lib/Ninka.pm b/lib/Ninka.pm
index 8f454cd..292549a 100644
--- a/lib/Ninka.pm
+++ b/lib/Ninka.pm
@@ -9,7 +9,7 @@ use Ninka::SentenceExtractor;
use Ninka::SentenceFilter;
use Ninka::SentenceTokenizer;
-our $VERSION = '1.3';
+our $VERSION = '1.3.1';
sub process_file {
my ($input_file, $create_intermediary_files, $verbose) = @_;
@@ -86,7 +86,7 @@ Scans a source file and returns the found licenses.
=head1 COPYRIGHT AND LICENSE
-Copyright (C) 2009-2014 Yuki Manabe and Daniel M. German
+Copyright (C) 2009-2014,2017 Yuki Manabe and Daniel M. German
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as
diff --git a/lib/Ninka/CommentExtractor.pm b/lib/Ninka/CommentExtractor.pm
index 8a2e66f..c01d91f 100644
--- a/lib/Ninka/CommentExtractor.pm
+++ b/lib/Ninka/CommentExtractor.pm
@@ -66,6 +66,10 @@ sub create_head_cmd {
sub execute_command {
my ($command) = @_;
+ if ($command =~ /&/) {
+ die "illegal file name in command to be executed [$command]";
+ }
+
my ($child_in, $child_out, $child_err);
$child_err = gensym();
my $pid = open3($child_in, $child_out, $child_err, $command);
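Review bot: The guard added at the top of execute_command rejects only `&`, but `$command` is still passed to `open3` as one string, which Perl runs through the shell whenever it contains shell metacharacters, so a file name carrying any other metacharacter (`;`, `|`, backquotes, `$(...)`) would presumably still be interpreted rather than treated as data. A one-character denylist is hard to make complete; the sturdier fix is to pass the program and its arguments as a list, `open3($child_in, $child_out, $child_err, $program, @args)`, so no shell is involved and the file name is always a plain argument. That needs the code that assembles the command string (create_head_cmd and any other callers, outside this hunk) to hand over a list instead, so it cannot be confirmed from these lines alone. The test also matches the whole command rather than the file name, so the message `illegal file name in command` is misleading if an `&` ever comes from the command template itself. The body of execute_command continues past the end of the hunk.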