Added vulnerability where strings would not be escaped when pass to shell command

Rudi Grinberg 2012-11-21 12:55:57 -05:00
parent 9abd7fa431
commit 8c97995c2f


@ -6,7 +6,7 @@ import os
import math import math
import wave import wave
import contextlib import contextlib
import shutil import shutil, pipes
import re import re
import sys import sys
import hashlib import hashlib
@ -162,7 +162,7 @@ def walk_supported(directory, clean_empties=False):
def file_locked(path): def file_locked(path):
cmd = "lsof %s" % path cmd = "lsof %s" % (pipes.quote(path))
f = Popen(cmd, shell=True, stdout=PIPE).stdout f = Popen(cmd, shell=True, stdout=PIPE).stdout
return bool(f.readlines()) return bool(f.readlines())
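Review bot: The rewritten `cmd` line in `file_locked` still builds a string for `Popen(..., shell=True)`, so safety depends entirely on the quoting being correct; passing an argument list takes the shell out of the picture, e.g. `proc = Popen(["lsof", "--", path], stdout=PIPE)` followed by `return bool(proc.communicate()[0])`. The `--` matters because quoting does not stop a path that begins with `-` from being parsed by lsof as an option. `communicate()` also reaps the child and closes the pipe, which the current `.stdout` / `readlines()` pattern never does. If the shell form is kept, note that `pipes.quote` is undocumented and the `pipes` module was removed in Python 3.13; `shlex.quote` is the supported equivalent on Python 3.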