From 2a80aa434f74feb31242b6f213b75ce63ae97902 Mon Sep 17 00:00:00 2001
From: Joe Becher
Date: Wed, 19 Feb 2020 09:36:10 -0500
Subject: [PATCH] CE-1380_sanitize_args
---
 codecov/__init__.py | 10 +++++++---
 tests/test.py | 3 +++
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/codecov/__init__.py b/codecov/__init__.py
index 6b3205c3..40ba7a73 100644
--- a/codecov/__init__.py
+++ b/codecov/__init__.py
@@ -34,6 +34,10 @@ remove_token = re.compile(r'token=[^\&]+').sub
+def sanitize_arg(replacement, arg):
+ return re.sub(r'[\&]+', replacement, arg, 0, re.MULTILINE)
+
+
 ignored_path = re.compile(r'(/vendor)|'
 r'(/js/generated/coverage)|'
 r'(/__pycache__)|'
@@ -624,11 +628,11 @@ def main(*argv, **kwargs):
 )
 write('==> Processing gcov (disable by -X gcov)')
 cmd = "find %s %s -type f -name '*.gcno' %s -exec %s -pb %s {} +" % (
- (codecov.gcov_root or root),
+ (sanitize_arg('', codecov.gcov_root or root)),
 dont_search_here,
 " ".join(map(lambda a: "-not -path '%s'" % a, codecov.gcov_glob)),
- (codecov.gcov_exec or ''),
- (codecov.gcov_args or ''))
+ (sanitize_arg('', codecov.gcov_exec or '')),
+ (sanitize_arg('', codecov.gcov_args or '')))
 write(' Executing gcov (%s)' % cmd)
 try_to_run(cmd)
diff --git a/tests/test.py b/tests/test.py
index ed640c6e..cf001d61 100644
--- a/tests/test.py
+++ b/tests/test.py
@@ -315,6 +315,9 @@ def test_none_found(self):
 else:
 raise Exception("Did not raise AssertionError")
+ def test_sanitize_arg(self):
+ self.assertEqual(codecov.sanitize_arg('', '& echo test > vuln1.txt'), ' echo test > vuln1.txt')
+
 @unittest.skipUnless(os.getenv('JENKINS_URL'), 'Skip Jenkins CI test')
 def test_ci_jenkins(self):
 self.set_env(BUILD_URL='https://....',
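Review bot: `sanitize_arg` strips only `&`, yet the values it guards are spliced into the `find ... -exec` command string built in `main` and handed to `try_to_run` (its implementation is outside this patch, so shell execution is inferred from the string form), and the new test's own expected value `' echo test > vuln1.txt'` shows that a redirection and a trailing command survive the sanitizer; other shell separators such as `;`, `|` and newlines are likewise untouched. A denylist is the wrong tool for this boundary: quote each interpolated value instead, e.g. `shlex.quote(value)` for a single path such as gcov_root, and `' '.join(shlex.quote(a) for a in shlex.split(value))` for a flag string such as gcov_args, with `import shlex` added to the module's existing imports. Quoting also avoids silently rewriting a legitimate path that contains `&`, which replacing with `''` does today. Minor: `re.MULTILINE` has no effect on a pattern without anchors and the positional `0` for `count` is opaque — `re.sub(r'&+', replacement, arg)` is equivalent. The second hunk of this file has the same gap for its remaining operands.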
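Review bot: Two of the five operands of the rebuilt `cmd` string are still interpolated unsanitized: `dont_search_here` and every entry of `codecov.gcov_glob`, which goes in through `"-not -path '%s'" % a`, where an entry containing a single quote ends the quoted word and the rest of the entry is parsed by the shell. Where those two values originate is outside the hunk, so I can only infer they are as attacker-influenceable as gcov_root/gcov_exec/gcov_args; the lambda should become `lambda a: "-not -path %s" % shlex.quote(a)` and `dont_search_here` should be quoted where it is assembled. Whichever quoting approach is chosen, apply it uniformly to all five operands so the command is not half-protected. The enclosing `main` starts and ends outside the hunk.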
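Review bot: `test_sanitize_arg` pins the weakness of the sanitizer rather than its safety: the expected value `' echo test > vuln1.txt'` asserts that a redirection and a trailing command come out intact, so the test passes precisely because the input is still shell-significant. If `sanitize_arg` stays a denylist, add cases for the other metacharacters it is meant to stop (`;`, `|`, newline) and a case showing an ordinary path is left unchanged; if it is changed to quoting, assert against `shlex.quote('& echo test > vuln1.txt')` instead. A short docstring stating what property the test guarantees (`"""sanitize_arg must leave no unquoted shell metacharacters in its result."""`) would make the intent explicit. The enclosing test class starts outside the hunk.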