From 75fb67c36a1c4dcec6b9b2c4e7102a1000066c4f Mon Sep 17 00:00:00 2001
From: D German
Date: Sun, 26 Mar 2017 15:32:58 -0700
Subject: Avoid execution of files that include & in the filename
---
 Changes | 7 +++++++
 lib/Ninka.pm | 4 ++--
 lib/Ninka/CommentExtractor.pm | 4 ++++
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/Changes b/Changes
index 04ec33e..9fb1c89 100644
--- a/Changes
+++ b/Changes
@@ -1,3 +1,10 @@
+2017-03-26 Daniel M. German
+
+ * lib/Ninka/CommentExtractor.pm (execute_command):
+ Added check to make sure no spurious command is executed
+
+ * Changed version to 1.3.1
+
 2015-05-11 dmg * Released version 1.3
diff --git a/lib/Ninka.pm b/lib/Ninka.pm
index 8f454cd..292549a 100644
--- a/lib/Ninka.pm
+++ b/lib/Ninka.pm
@@ -9,7 +9,7 @@ use Ninka::SentenceExtractor;
 use Ninka::SentenceFilter;
 use Ninka::SentenceTokenizer;
-our $VERSION = '1.3';
+our $VERSION = '1.3.1';
 sub process_file {
 my ($input_file, $create_intermediary_files, $verbose) = @_;
@@ -86,7 +86,7 @@ Scans a source file and returns the found licenses.
 =head1 COPYRIGHT AND LICENSE
-Copyright (C) 2009-2014 Yuki Manabe and Daniel M. German
+Copyright (C) 2009-2014,2017 Yuki Manabe and Daniel M. German
 This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as
diff --git a/lib/Ninka/CommentExtractor.pm b/lib/Ninka/CommentExtractor.pm
index 8a2e66f..c01d91f 100644
--- a/lib/Ninka/CommentExtractor.pm
+++ b/lib/Ninka/CommentExtractor.pm
@@ -66,6 +66,10 @@ sub create_head_cmd {
 sub execute_command {
 my ($command) = @_;
+ if ($command =~ /&/) {
+ die "illegal file name in command to be executed [$command]";
+ }
+
 my ($child_in, $child_out, $child_err);
 $child_err = gensym();
 my $pid = open3($child_in, $child_out, $child_err, $command);
-- cgit v1.2.1
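Review bot: The guard added at the top of `execute_command` in lib/Ninka/CommentExtractor.pm rejects only `&`, while `$command` is still passed to `open3` as a single string, which Perl hands to the shell whenever the string contains shell metacharacters. A file name carrying other metacharacters (`;`, `|`, backticks, `$(...)`, redirections, a newline) would presumably still be interpreted, depending on how the callers quote the name when they build the string; that code is outside this hunk. A one-character denylist does not close the class of problem; the durable fix is the list form, `my $pid = open3($child_in, $child_out, $child_err, $program, @args);`, which never invokes a shell. That means `create_head_cmd` and the other builders of `$command` would need to return a program plus argument list instead of a string, so the change reaches beyond the lines shown here. If the string interface must stay for now, the check should at least be an allowlist of expected characters rather than a single forbidden one, with a comment such as `# $command is run through the shell by open3; reject anything the shell could interpret`.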