From: Daniel P. Berrangé <[email protected]> The subprocess.run command avoids using the shell and so is robust should sys.argv contain any whitespace or unexpected shell meta characters.
Signed-off-by: Daniel P. Berrangé <[email protected]> --- scripts/check-file-access.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/check-file-access.py b/scripts/check-file-access.py index 2636eb4f96..71130d4dec 100755 --- a/scripts/check-file-access.py +++ b/scripts/check-file-access.py @@ -23,6 +23,7 @@ import os import re +import subprocess import sys import tempfile @@ -36,11 +37,9 @@ permitted_file = os.path.join(abs_srcdir, 'permitted_file_access.txt') os.environ['VIR_TEST_FILE_ACCESS_OUTPUT'] = access_file -test = ' '.join(sys.argv[1:]) +proc = subprocess.run(sys.argv[1:]) -ret = os.system(test) - -if ret != 0 or os.read(access_fd, 10) == b'': +if proc.returncode != 0 or os.read(access_fd, 10) == b'': os.close(access_fd) os.remove(access_file) sys.exit(ret) -- 2.51.1
