shell=True is too dangerous to allow; there are unfiltered user inputs

There are all sorts of unfiltered user inputs like tag and branch names in source repos. If those names are fed into popen calls that use shell=True, that opens up a wide range of exploits. All core operations should never use shell=True.
2025-11-04 06:30:27 +03:00 · 2018-01-23 23:56:15 +01:00 · 2018-01-23 23:56:15 +01:00 · b851d49d24
commit b851d49d24
parent 07cdf848d7
3 changed files with 17 additions and 11 deletions
--- a/hooks/pre-commit
+++ b/hooks/pre-commit
@ -129,4 +129,8 @@ for f in $RB_FILES; do
 	fi
 done

+if grep --line-number 'shell=True' fdroidserver/[a-ce-z]*.py; then
+    err "shell=True is too dangerous, there are unfiltered user inputs!"
+fi
+
 exit 0